[ Thread Index |
Date Index
| More lists.liballeg.org/allegro-developers Archives
]
- To: alleg-developers@xxxxxxxxxx
- Subject: Re: [AD] MSVC 8 cl flags
- From: Chris <chris.kcat@xxxxxxxxxx>
- Date: Fri, 19 Aug 2005 16:52:04 -0700
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:from:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=QzbvtrWZ48hmbVuTBIbJr52YPuByscspTkqiQ88CePu1VAZSxhQzizINx40VOF71LeAMGRdy4dqAUZTYpn6s9dOu6tuDLiRihbYdxSelH1YlRzzFpwwTmS825aXwahjNZpg+H5PRZGItJCD2PxtKKkkIp+6AeRZU66120cUjCgk=
On Friday 19 August 2005 04:10 pm, Evert Glebbeek wrote:
> > Sadly C library was not written with security in mind. If I understand
> > MS correctly they are not going to remove anything, they are just
> > marking potentially unsafe functions. And this is IMHO good because this
> > is what are warnings for.
>
> Yes. But they should, IMHO, have made a warning that said `Warning: this
> function is potentially unsafe' rather than `Warning: this function is
> deprecated'
As I understand it, only Microsoft's implementation of libc is unsafe. From
what I've heard, other systems do not have this problem. As well, the "old"
functions and the new ones that replace them have the same prototype, just
with a different name (so they could've just easilly fixed the problems in
the "unsafe" functions, and not have to make new functions for it). I haven't
been able to find any info on what the problem is, other than MSDN claiming
they're "unsafe" and should use other functions isntead.
> > In fact, the only thing which I don't
> > understand is why deprecation of such dangerous functions like gets was
> > not done in C99.
To be clear, it's not functions like sprintf that they're marking unsafe
(though I'm sure that's included). But things like fopen, printf, memcpy, and
other, as well.