C4996（功能不安全）预警的strcpy但不适合的memcpy [英] C4996 (function unsafe) warning for strcpy but not for memcpy

问题描述

我写在VS2010 code和我发生编译器编译后，看到给我C4996警告（这个函数或变量可能是不安全），为的strcpy和sprintf调用。

I am writing code in VS2010 and I happen to see after compilation compiler gives me C4996 warning ("This function or variable may be unsafe") for strcpy and sprintf calls.

不过，我不能让类似的警告的memcpy（并可能有几个类似的不安全的功能，在code调用）

However, I couldn't get similar warnings for memcpy (and may be there are few more similar 'unsafe' function calls in the code)

int _tmain(int argc, _TCHAR* argv[])
{
    char buf1[100], buf2[100];
    strcpy (buf1, buf2); // Warning C4996 displayed here asking to use strcpy_s instead
    memcpy (buf1, buf2, 100); // No warning here asking to use memcpy_s
    memcpy_s(buf1, 100, buf2, 100);
    return 0;
}

为什么会这样？我怎样才能打开警告C4996在我的code所有可能不安全的电话？

Why is this so? How can I turn on C4996 warning for all possible unsafe calls in my code?

推荐答案

在一般情况下，编译C code你需要一个符合标准的C编译器。 Visual Studio是一个不合格的C ++编译器。

In general, to compile C code you need a conforming C compiler. Visual Studio is a non-conforming C++ compiler.

您得到警告，因为Visual Studio是坏的。 看到这个。

You get the warning because Visual Studio is bad. See this.

C4996 只要您使用微软认为已经过时的函数出现。显然，微软已决定，它们应决定了C语言的未来，而不是ISO C工作组。因此，你会得到完美的罚款code错误的警告。编译器就是问题所在。

C4996 appears whenever you use a function that Microsoft regards as obsolete. Apparently, Microsoft has decided that they should dictate the future of the C language, rather than the ISO C working group. Thus you get false warnings for perfectly fine code. The compiler is the problem.

有什么毛病的strcpy（）函数，这是一个神话。这个功能已经存在一段30-40岁和它的每一个点点被正确记录。那么，什么功能呢，什么不应该不令人感到惊讶，即使初学者C程序员。

There is nothing wrong with the strcpy() function, that's a myth. This function has existed for some 30-40 years and every little bit of it is properly documented. So what the function does and what it does not should not come as a surprise, even to beginner C programmers.

什么strcpy的和不重要的：

What strcpy does and does not:

• 它拷贝空结尾的字符串到另一个存储位置。


• 它并不需要为错误处理任何责任。


• 它不能修复的bug在调用者的应用程序。


• 它并不需要对教育的C程序员承担任何责任。

由于上面的最后一句话，你必须知道在调用的strcpy之前​​以下内容：

Because of the last remark above, you must know the following before calling strcpy:

• 如果您通过未知长度的strcpy的字符串，不检查提前长度，必须在调用应用程序中的错误。


• 如果您通过不与结束\\ 0 的某些数据块，你必须在调用应用程序中的错误。


• 如果您在重叠的内存位置传递两个指针的strcpy（），这一点上，你未定义行为。这意味着您可以在调用应用程序中的错误。

• If you pass a string of unknown length to strcpy, without checking its length in advance, you have a bug in the caller application.
• If you pass some chunk of data which does not end with \0, you have a bug in the caller application.
• If you pass two pointers to strcpy(), which point at memory locations that overlap, you invoke undefined behavior. Meaning you have a bug in the caller application.

例如，在code你贴，你从来没有初始化数组，这样你的程序将有可能和好如初。这个bug是不相关的strcpy（）函数的丝毫的，不会被别的东西换出的strcpy（）来解决。

For example, in the code you posted, you never initialized the arrays, so your program will likely crash and burn. That bug isn't in the slightest related to the strcpy() function and will not be solved by swapping out strcpy() for something else.

这篇关于C4996（功能不安全）预警的strcpy但不适合的memcpy的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！