Solves the Security Warning of functions in CRT (C run-time ).

Solves the Security Warning of functions in CRT (C run-time ).

Refer to msdn

1. security features in the CRT

2. Secure template overloads

Is this warning sometimes:

Warning c4996: 'strcpy': This functionor variable may be unsafe. Consider using strcpy_s instead. To disabledeprecation, use _ crt_secure_no_warnings. See online help for details.

D: \ Program Files \ microsoft visualstudio 10.0 \ Vc \ include \ string. H (105 ):See"Strcpy"Statement

 

Solution

1. # DEFINE _ crt_secure_no_warnings to ignore these warnings.

The macro definition must be placed at the beginning of the source file, that is, before the header file is included.

This method only ignores the warning information and does not eliminate security risks.

Ii. Use secure template overloads

2.1, # define_ Crt_secure_cpp_overload_standard_names1

Put this macro definition at the top of the source file. An example on msdn is as follows:

 
# DEFINE _ crt_secure_cpp_overload_standard_names 1 # include <stdio. h> # include <string. h> int main () {char szbuf [10]; strcpy (szbuf, "test"); // ==> strcpy_s (szbuf, 10, "test ")}
 

In this example, the template converts strcpy to strcpy_s to determine and eliminate security risks. By default,

_ Crt_secure_cpp_overload_secure_namesIs defined as 0, so to use this method, you must define it as 1.

2.2, # DEFINE _ crt_secure_cpp_overload_secure_names 1

Put this macro definition at the top of the source file to solve the problem, but change the source file. Here is an msdn example:

 

 
# DEFINE _ crt_secure_cpp_overload_secure_names 1 # include <stdio. h> # include <string. h> int main () {char szbuf [10]; strcpy_s (szbuf, "test"); // ==> strcpy_s (szbuf, 10, "test ")}
 

In the example, change strcpy to strcpy_s without changing the parameter. This template changes the two parameters of the original strcpy to three parameters of strcpy_s. To eliminate security risks, pay attention to the default situation: crt_secure_cpp_overload_secure_names is defined as 1, so we do not need to write the macro definition below, as long as we simply change strcpy to strcpy_s.

The above two methods should be noted that they are only useful for some functions, such as strcpy, and some cannot do this, at this time, you need to re-call the function according to the parameter settings of the new function. That is, method 3 below is the most effective.

In addition, method 2 only adapts to static arrays and does not apply to dynamic arrays.

3. Re-call the new function according to the parameter requirements of the new function. For example, in the above example:

The strcpy_s function declaration is as follows:

 
Errno_t strcpy_s (
 

 
Char * strdestination,
 

 
Size_t numberofelements,
 

 
Const char * strsource
 

 
);
 

The second parameter is the size of the target buffer, so you can add it when calling it.