< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] Visual Studio 2005 compilation warnings of 1.4 branch


Matthias Moetje wrote:
> Adam,
> 
> I wanted to add a few more comments on the strdup issue.
> 
> strdup was not replaced by _strdup due to security concerns.
> This function is never unsecure because it does not write to
> an existing buffer, instead it creates and returns a new 
> buffer, so buffer overruns (at least) will never occur.
> 
> The reason why it was replaced is that strdup (and similar
> functions) do not conform to the ISO C++ standard because
> functions starting with 'str' are reserved and strdup does
> not belong to the standard (at least the '99 one).
> While I think it is a noble goal by MS to be more standards
> compliant I think this decision is silly because it create
> more cross-platform issues as it solves...
> It remains interesting, though, if other compilers will 
> Follow this route ;-)

strdup is standardized by POSIX though, as well as dating back to SVr4
and 4.3BSD according to Linux man-pages, so Microsoft's behaviour on
this seems to be just foisting an incompatible and uglier name on us for
zero concrete advantage. :-/

> The other really important change to many of the string functions
> is the introduction of the secure string functions, suffixed 
> with '_s'.
> I would be interested in replacing all these functions with 
> their secure counterparts in the next year.
>
> The platform compatibility could be easily achieved by creating
> a few wrapper functions included in a define which will call
> the unsecure counterparts on platforms where the secure versions
> are available.
> The benefit of this is obvious...
> 
> Does anybody know about non-Windows platforms, are there libraries
> with these secure functions already?

I'm not aware of any. I reckon that there's a fair chance that if anyone
else set out to create safer string functions for Unix, they'd probably
do it without Microsoft's Excessive Underscore Disease too :-)

Max.


Attachment: signature.asc
Description: OpenPGP digital signature