Unsecured API functions

Marcus Meissner meissner at suse.de
Fri May 4 04:52:06 CDT 2007


On Thu, May 03, 2007 at 04:58:58PM -0500, Tom Spear wrote:
> On 5/3/07, Marcus Meissner <marcus at jet.franken.de> wrote:
> >wine is not using gets() at all, insofar there is no risk from it.
> 
> That much I knew, however we do use strcpy (especially in msi), and
> that is another one that has been deprecated ("banned")..
> 
> See http://msdn2.microsoft.com/en-us/library/bb288454.aspx for the
> complete list..
> 
> >It would be quite hard to convert gets -> gets_s  by magic ;)
> Hmm, I thought so, and re-reading the page, it appears that it is
> actually more of a proposal than a list of APIs that have actually
> already been deprecated, however if MSDN has an article from the SDL
> that pushes for the deprecation of non-strsafe functions, I think we
> should take that seriously, and at least investigate the difficulty
> (I'm not pushing for it to be replaced anywhere in the code right now,
> because we are already spread too thin).

Newer gcc versions have checking for strcpy() overflows, and I have local
patches for buffer overflow checking for some of our other string functions.

Meaning ... I am watching at least the Wine Internals ;)

Ciao, Marcus
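
An added example, not part of the original message and not Wine or strsafe.h code: a bounded copy in the spirit of the strsafe functions discussed above, wired to `__builtin_object_size`, the gcc builtin that the compiler-assisted strcpy() checking relies on. The names `bounded_copy`, `CHECKED_STRCPY`, `demo` and the sample strings are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names, constructed for this example. */
enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_SIZE_UNKNOWN = -2 };

/* Copy src into dst only if it fits, terminating NUL included.
 * On overflow dst is left as an empty string instead of being overrun. */
static enum copy_status bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst_size == (size_t)-1)   /* compiler could not determine the size */
        return COPY_SIZE_UNKNOWN;
    if (dst_size == 0)
        return COPY_TOO_LONG;
    len = strlen(src);
    if (len >= dst_size) {
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, len + 1);
    return COPY_OK;
}

/* Let the compiler supply the destination size where it knows it.
 * __builtin_object_size yields (size_t)-1 when it cannot tell, e.g. for
 * a pointer whose target object the compiler cannot see. */
#define CHECKED_STRCPY(dst, src) \
    bounded_copy((dst), __builtin_object_size((dst), 1), (src))

/* Constructed sample: an 8-byte stack buffer as the destination. */
static int demo(const char *src)
{
    char name[8];
    return CHECKED_STRCPY(name, src);
}

int main(void)
{
    printf("short: %d\n", demo("wine"));
    printf("long:  %d\n", demo("msi_table_name"));
    return 0;
}
```

A result of `COPY_SIZE_UNKNOWN` marks a call site the compiler cannot check, which is where an explicit size argument in the strsafe style is still needed.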



More information about the wine-devel mailing list