Re: Undeclared identifier error in file "xlocnum"

Hi Joe,

Well, there is still a reason to use those crappy old functions. If
your code is used on other platforms and by other compilers you will
do much less re-coding if you use those tired old workhorses.

-Kurt

On Thu, 07 Jul 2005 02:49:59 -0400, Joseph M. Newcomer
<newcomer@xxxxxxxxxxxx> wrote:

>I had issues with strcat and strcpy in 1975, and nothing in the intervening 30 years has
>changed the fact that they are exceptionally poorly designed. I have never liked them, and
>now that I have CString, I never use them (what never? Well, hardly ever...)
>
>As I indicated, you have done something that includes the safe-string library; this
>redefines all those crappy old functions to generate warning messages, and provides for
>intelligently-designed alternatives. That's why a new project won't cause problems; but
>include the safe-string library and you'll get the problems.
>
>Note that when Microsoft did a code audit of Windows as part of their security effort,
>several THOUSAND potential buffer overflow exploits were identified as the result of
>strcpy and strcat. This came as no surprise to me. (I've heard numbers like 5000 and 8000
>quoted in some newsgroups, but I have no inside information to verify any of these
>numbers. But they are quite credible). Since there is little or no reason to use either
>strcpy or strcat these days, it is better to adopt safe programming practices. I very
>nearly have the safe-string strcpy and strcat memorized at this point, mostly because I so
>rarely need them that I don't have to write such functions very often, and really don't
>use strcpy/strcat any longer.
> joe
>

.

Relevant Pages

  • Re: Undeclared identifier error in file "xlocnum"
    ... there is still a reason to use those crappy old functions. ... >your code is used on other platforms and by other compilers you will ... >>strcpy or strcat these days, it is better to adopt safe programming practices. ...
    (microsoft.public.vc.mfc)
  • Re: Undeclared identifier error in file "xlocnum"
    ... I had issues with strcat and strcpy in 1975, and nothing in the intervening 30 years has ... you have done something that includes the safe-string library; ... you should not be using sprintf any longer. ...
    (microsoft.public.vc.mfc)
  • Re: Difference between strcpy() and strcat()?
    ... Leor Zolman wrote in message news:> "strcpy is safer than strcat because it is easier to check programmatically ... > length of the source string. ... With strcat, on the other hand, you have to ...
    (comp.lang.c)
  • Re: FindFirstFile, how much faster than FindNextFile?
    ... If you want to see really horrible, hair-raising code, open a recent CUJ ... and check how the guy is creating XML request strings. ... if you ever write strcpy or strcat, THINK REAL HARD ABOUT WHY YOU ...
    (microsoft.public.vc.mfc)
  • Re: Difference between strcpy() and strcat()?
    ... There's more "stuff" to think about when using strcat; ... I would never dream of using it "in place of" strcpy; ... std::string in C++ and try to avoid str*() whenever possible, ...
    (comp.lang.c)