Avoid certain functions in C/C++
Dr Andrew John Hughes
ahughes at redhat.com
Fri Apr 8 00:49:40 UTC 2011
On 08:50 Wed 06 Apr , Kelly O'Hair wrote:
>
> Just an FYI...
>
> Anyone working with C/C++ should be well aware of the functions we should be avoiding:
> http://hub.opensolaris.org/bin/view/Community+Group+security/funclist
>
> Microsoft has used the term "banned" and has a much more extensive list:
> http://msdn.microsoft.com/en-us/library/bb288454.aspx
>
> Unfortunately, we often cannot use the recommended replacements unless we know that the
> replacement is available on all platforms, however, some are fairly obvious, like using snprintf
> instead of sprintf.
>
> Functions like sprintf, vsprintf, strcat, strcpy, access, chmod, chown, lchown, chdir, ...
> all have know issues or have caused too many common mistakes over the years, we need to
> avoid the use of these functions.
>
Thanks for the list. That'll surely prove a useful reference.
Have you considered using autoconf in OpenJDK? It was pretty much designed for just this
scenario (checking the availability of functions).
> -kto
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D 0698 0713 C3ED F586 2A37
More information about the build-dev
mailing list