FOPEN / fopen_s和写入文件 [英] fopen / fopen_s and writing to files
问题描述
我使用的fopen用C写的输出到一个文本文件中。该函数声明为(其中 ARRAY_SIZE 已被定义或更早):
无效create_out_file(字符FILE_NAME [],长双* Z1){
FILE *出;
INT I; 如果((OUT = FOPEN(FILE_NAME,W +))== NULL){
fprintf中(标准错误,***指输出文件%s打开错误,FILE_NAME);
出口(-1);
} 对于(i = 0; I< ARRAY_SIZE;我++)
fprintf中(满分,%.16Le \\ n,Z1 [I]);
FCLOSE(出);
}
我的问题:
-
在与MVS2008编译我得到警告:警告C4996:'F打开:此函数或变量可能是不安全的。考虑使用,而不是fopen_s。我还没有看到
fopen_s多的信息,这样我可以改变我的code。有什么建议么? -
一个可以指示
fprintf中写在所需的数值precision号以文件?如果我用长双那么我想,我的回答都不错,直到小数点后15位。我对吗?
fopen_s 是的fopen 的一个变体包含参数验证和手回一个错误code,而不是在一些情况下,一个指针超出在开放过程中出错。它比基本表现形式,因为它占了更多的优势条件,更安全。编译器警告你使用它,因为的fopen 重新presents潜在开采矢量在应用程序中。
您可以通过使用说明%。XG 的printf 系列函数的数字>,其中的 X 是在输出需要precision的数字。 A 长双变化,从平台到平台precision,但你通常可以赌它是十进制precision至少有16位。
编辑:那 fopen_s 是虽然我不完全与谁是暗示他人板的完整的浪费时间,但它确实再present一个pretty剥削低的机会,它没有得到广泛的支持。一些其他的功能,警告在C4996更为严重的安全漏洞,但是,使用 _CRT_SECURE_NO_WARNINGS 是关闭报警为你离开你的卧室门上锁相当于和你在厨房里留下了核弹。
只要你不局限于使用纯C为你的项目(如学校作业或嵌入式微控制器),你会很好地利用的事实,几乎所有的现代C编译器也是C ++编译器并使用C ++所有这些I / O功能的的iostream 的变种,以同时获得更高的安全性的和的同时兼容性。
I'm using fopen in C to write the output to a text file. The function declaration is (where ARRAY_SIZE has been defined earlier):
void create_out_file(char file_name[],long double *z1){
FILE *out;
int i;
if((out = fopen(file_name, "w+")) == NULL){
fprintf(stderr, "***> Open error on output file %s", file_name);
exit(-1);
}
for(i = 0; i < ARRAY_SIZE; i++)
fprintf(out, "%.16Le\n", z1[i]);
fclose(out);
}
My questions:
On compilation with MVS2008 I get the warning: warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. I haven't see much information on
fopen_sso that I can change my code. Any suggestions?Can one instruct
fprintfto write numbers at a desired numerical precision to a file? If I'm usinglong doublethen I assume that my answers are good till 15 digits after the decimal point. Am I right?
fopen_s is a variant of fopen which contains parameter validation and hands back an error code instead of a pointer in case something goes wrong during the open process. It's more secure than the base variant because it accounts for more edge conditions. The compiler is warning you to use it because fopen represents a potential exploitation vector in your application.
You can specify digits of precision to the printf family of functions by using the specifier %.xg, where x is the digits of precision you want in the output. A long double varies in precision from platform to platform, but you can generally bet on it being at least 16 digits of decimal precision.
Edit: While I'm not entirely on board with the others who are suggesting that fopen_s is a complete waste of time, it does represent a pretty low chance of exploitation and it isn't widely supported. Some of the other functions warned about under C4996 are much more serious vulnerabilities, however, and using _CRT_SECURE_NO_WARNINGS is the equivalent of turning off the alarm for both "you left your bedroom door unlocked" and "you left a nuclear bomb in the kitchen".
As long as you aren't restricted to using "pure C" for your project (e.g. for a school assignment or an embedded microcontroller), you would do well to exploit the fact that almost all modern C compilers are also C++ compilers and use the C++ iostream variants of all of these I/O functions in order to get both improved security and compatibility at the same time.
这篇关于FOPEN / fopen_s和写入文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
