C4996,fopen不推荐使用:为什么?(不:如何抑制) [英] C4996, fopen deprecated: Why? (NOT: How to suppress)
问题描述
fopen 的不安全之处是什么? fopen_s 的不安全之处是什么?
What is unsafe with fopen that's more safe with fopen_s?
如何安全地使用fopen(如果可能)?
How can fopen be used in a safe way (if possible)?
(我不想知道如何抑制警告-有足够的stackoverflow文章来回答该问题)
(I don't want to know how to suppress the warning - there are enough stackoverflow articles that answer that question)
问题被关闭为基于观点"(即使只有一个答案,我对此也没有太多意见).我将尝试重述一下:如果有人可以显示Microsoft(不推荐使用该功能的文档)来说明为什么不推荐使用该文档的方式/位置,那将是很好的选择.
Question was closed as "opinion based" (even though there is only one answer and I don't see much opinion in that). I'll try to rephrase a bit: It would be nice if someone could show how/where to find the documentation by Microsoft (who deprecated the function) that explains why it was deprecated.
推荐答案
Microsoft CRT实现了C11附件K中描述的安全库增强功能.这是规范性的但非强制性的.在第K.3.5.2.1节中描述了fopen_s().也包含在规则中CERT研究所的FIO06-C .
The Microsoft CRT implements the secure library enhancements described in C11 Annex K. Which is normative but not mandatory. fopen_s() is described in section K.3.5.2.1. Also covered by rule FIO06-C of the CERT institute.
问题在于fopen()可以追溯到更简单的时间,那时程序员仍然可以认为他们的程序是唯一一个操作文件.一个从未真正成立的假设.它没有方法来描述如何限制其他进程对文件的访问,CRT实现传统上是在不拒绝任何访问的情况下打开文件的.已使用非标准替代方法来解决此问题,例如 _fsopen().
At issue is that fopen() dates from simpler times when programmers could still assume that their program was the only one manipulating files. An assumption that has never really been true. It does not have a way to describe how access to the file by other processes is limited, CRT implementations traditionally opened the file without denying any access. Non-standard alternatives have been used to fix this problem, like _fsopen().
如果打开文件进行写入,这将产生后果,另一个进程也可以打开文件进行写入,并且文件内容将无可救药地损坏.如果在另一个进程正在写入文件的同时打开文件进行读取,则文件内容的视图是不可预测的.
This has consequences if the file is opened for writing, another process can also open the file for writing and the file content will be hopelessly corrupted. If the file is opened for reading while another process is writing to it then the view of the file content is unpredictable.
fopen_s()通过拒绝打开文件以进行写入的所有访问,并且仅允许打开文件以进行读取的访问来解决这些问题.
fopen_s() solves these problems by denying all access if the file is opened for writing and only allowing read access when the file is opened for reading.
这篇关于C4996,fopen不推荐使用:为什么?(不:如何抑制)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
