Unsecured API functions
stefan at codeweavers.com
Fri May 4 04:39:53 CDT 2007
Am Donnerstag 03 Mai 2007 23:58 schrieb Tom Spear:
> On 5/3/07, Marcus Meissner <marcus at jet.franken.de> wrote:
> > wine is not using gets() at all, insofar there is no risk from it.
> That much I knew, however we do use strcpy (especially in msi), and
> that is another one that has been deprecated ("banned")..
Afair some time ago part of the code was using strncpy which has a destination
size count and is sometimes considered safe because of that. The strncpy
calls were removed some time ago. Not sure why, but I think thats because
strncpy has tricky cavecats too, like not necessarily terminating the string
with '\0'. I don't know about the _s APIs, but I guess they're not fool prove
either and look like a sort of embrace and extend to me.
As for applications using the safe functions I think Frank is right and they
are implemented in the visual studio specifc msvcrt dlls, thus wine doesn't
have to implement them. My Visual Studio 6 doesn't know them.
More information about the wine-devel