Unsecured API functions

Stefan Dösinger stefan at codeweavers.com
Fri May 4 04:39:53 CDT 2007

Am Donnerstag 03 Mai 2007 23:58 schrieb Tom Spear:
> On 5/3/07, Marcus Meissner <marcus at jet.franken.de> wrote:
> > wine is not using gets() at all, insofar there is no risk from it.
> That much I knew, however we do use strcpy (especially in msi), and
> that is another one that has been deprecated ("banned")..
Afair some time ago part of the code was using strncpy which has a destination 
size count and is sometimes considered safe because of that. The strncpy 
calls were removed some time ago. Not sure why, but I think thats because 
strncpy has tricky cavecats too, like not necessarily terminating the string 
with '\0'. I don't know about the _s APIs, but I guess they're not fool prove 
either and look like a sort of embrace and extend to me.

As for applications using the safe functions I think Frank is right and they 
are implemented in the visual studio specifc msvcrt dlls, thus wine doesn't 
have to implement them. My Visual Studio 6 doesn't know them.

More information about the wine-devel mailing list