Set _CRT_SECURE_NO_WARNINGS in gsw_check_functions.c #83


peter-urban
Collaborator

@peter-urban peter-urban commented Nov 12, 2024

Relates to #77

Compiling on Windows (with clang-cl or with MSVC on a higher warning level) creates a number of these warnings:

warning: 'strcat' is deprecated: This function or variable may be unsafe. Consider using strcat_s instead.

It would be possible to replace the strcat, strncat and strcpy functions with strcat_s etc. However, these functions only appear in gsw_check_functions.c. And personally I don't think increasing memory safety / security is something to worry about in this test executable.

Defining _CRT_SECURE_NO_WARNINGS ignores these MSVC/Windows-specific "security" warnings. Since _CRT_SECURE_NO_WARNINGS is only defined in gsw_check_functions.c, the warnings would still be displayed if these functions were used within the main library.

If you disagree let me know, I can certainly ask co-pilot to show me how to replace strcat with strcat_s ;-)

@peter-urban peter-urban force-pushed the ignore_strcat_security_warnings_for_the_test_executable branch from 7fbd3ec to 0063928 Compare November 12, 2024 21:03
This ignores MSVC warnings about unsafe functions in the gsw_check_functions.c
file (strcpy strncat strcat). While the security advice may be sound in the
context of the main library, these functions are not a security risk in
the context of this test executable.
@peter-urban peter-urban force-pushed the ignore_strcat_security_warnings_for_the_test_executable branch from 0063928 to 5ab356d Compare November 12, 2024 21:24
@efiring
Member

efiring commented Nov 12, 2024

I agree with this strategy. Note that string concatenation in C is a bit of a mess, with
several ways to do it, and with some, including strcat_s, being non-portable. One
discussion is
here: https://sternumiot.com/iot-blog/strcat-function-in-c-syntax-examples-and-security-best-practices/
It's not great (examples are poor, to my eye), but it at least shows alternative functions
that can be used.

@efiring efiring merged commit e43a95c into TEOS-10:main Nov 12, 2024
19 checks passed
@efiring
Member

efiring commented Nov 12, 2024

Point of information to add to my previous comment: there are safe uses of strcat and
unsafe uses of most, if not all, alternatives.

@peter-urban peter-urban deleted the ignore_strcat_security_warnings_for_the_test_executable branch November 12, 2024 21:55
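
Added example (not part of this PR or of GSW-C) for the point made in the last comment: a strcat call that is safe because the length is checked first, next to strncat, whose bound is easy to get wrong and which truncates without reporting it. The function names and sample strings are constructed for illustration; the macro is defined at the top of the file as the PR description says it is for gsw_check_functions.c.

```c
#define _CRT_SECURE_NO_WARNINGS  /* must precede the CRT headers; only MSVC/clang-cl react to it */
#include <stdio.h>
#include <string.h>

/* Safe use of strcat: verify the result fits before calling it.
   Assumes dst already holds a NUL-terminated string inside dstsize bytes.
   Returns 0 on success, -1 (dst untouched) if src does not fit. */
int cat_checked(char *dst, size_t dstsize, const char *src)
{
    size_t used = strlen(dst);
    size_t need = strlen(src);
    if (used >= dstsize || need > dstsize - used - 1)
        return -1;
    strcat(dst, src);
    return 0;
}

/* Correct strncat bound: the third argument is the room left for new
   characters, not the size of the buffer. Passing dstsize there (a common
   slip) lets strncat write past the end even though it is the "bounded"
   function. Returns 1 if src was truncated, which strncat never reports. */
int cat_truncating(char *dst, size_t dstsize, const char *src)
{
    size_t used = strlen(dst);
    size_t room = (used < dstsize) ? dstsize - used - 1 : 0;
    strncat(dst, src, room);
    return strlen(src) > room;
}

int main(void)
{
    char buf[8] = "gsw_";   /* constructed sample data */
    int rc;

    rc = cat_checked(buf, sizeof buf, "sa");        /* fits */
    printf("%d %s\n", rc, buf);
    rc = cat_checked(buf, sizeof buf, "_from_sp");  /* rejected, buf unchanged */
    printf("%d %s\n", rc, buf);
    rc = cat_truncating(buf, sizeof buf, "_x");     /* only one byte of room left */
    printf("%d %s\n", rc, buf);
    return 0;
}
```
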