SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 11

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 12

changes.mady.by.user Thomas Plum

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
The following functions are obsolescent and should be avoided in favor of either the portable equivalent or, if available, the more secure alternativealternatives defined in \[[ISO/IEC TR 24731-1|AA. Bibliography#ISO/IEC TR 24731-1-2007]\] Extensions to the C Library, —--- Part I: Bounds-checking interfaces, and
\[[ISO/IEC TR 24731-2|AA. Bibliography#ISO/IEC TR 24731-2-2010]\] Extensions to the C Library, --- Part II: xxxx.  [xxxx add the Part II functions in the list below]

Function

Portable Equivalent

Secure Alternative

asctime()

 

asctime_s()

atof()

strtod()

 

atoi()

strtol()

 

atol()

strtol()

 

atoll()

strtoll()

 

bsearch()

 

bsearch_s()

ctime()

 

ctime_s

fopen()

 

fopen_s()

fprintf()

 

fprintf_s()

freopen()

 

freopen_s()

fscanf()

 

fscanf_s()

fwprintf()

 

fwprintf_s()

fwscanf()

 

fwscanf_s()

getenv()

 

getenv_s()

gmtime()

 

gmtime_s()

localtime()

 

localtime_s()

mbsrtowcs()

 

mbsrtowcs_s()

mbstowcs()

 

mbstowcs_s()

memcpy()

 

memcpy_s()

memmove()

 

memmove_s()

printf()

 

printf_s()

qsort()

 

qsort_s()

remove()

 

 

rename()

 

 

rewind()

fseek()

 

setbuf()

vsetbuf()

 

snprintf()

 

snprintf_s()

sprintf()

 

sprintf_s()

sscanf()

 

sscanf_s()

strcat()

 

strcat_s()

strcpy()

stpcpy()

strcpy_s()

strerror()

strerror_r()

strerror_s()

strncat()

 

strncat_s()

strncpy()

stpncpy()

strncpy_s()

strtok()

strtok_r()

strtok_s()

swprintf()

 

swprintf_s()

swscanf()

 

swscanf_s()

tmpfile()

mkstemp()

tmpfile_s()

tmpfile_s()

mkstemp()

 

tmpnam()

mkstemp()

tmpnam_s()

tmpnam_s()

mkstemp()

 

vfprintf()

 

vfprintf_s()

vfscanf()

 

vfscanf_s()

vfwprintf()

 

vfwprintf_s()

vfwscanf()

 

vfwscanf_s()

vprintf()

 

vprintf_s()

vscanf()

 

vscanf_s()

vsnprintf()

 

vsnprintf_s()

vsprintf()

 

vsprintf_s()

vsscanf()

 

vsscanf_s()

vswprintf()

 

vswprintf_s()

vswscanf()

 

vswscanf_s()

vwprintf()

 

vwprintf_s()

vwscanf()

 

vwscanf_s()

wcrtomb()

 

wcrtomb_s()

wcscat()

 

wcscat_s()

wcscpy()

 

wcscpy_s()

wcsncat()

 

wcsncat_s()

wcsncpy()

 

wcsncpy_s()

wcsrtombs()

 

wcsrtombs_s()

wcstok()

 

wcstok_s()

wcstombs()

 

wcstombs_s()

wctomb()

 

wctomb_s()

wmemcpy()

 

wmemcpy_s()

wmemmove()

 

wmemmove_r()

wprintf()

 

wprintf_s()

wscanf()

 

wscanf_s()

...

In this compliant solution, strcat() and strcpy() are replaced by strcat_s() and strcpy_s().

Code Block
bgColor#ccccFF


enum { BUFFERSIZE=256 };

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFFERSIZE];

  strcpy_s(buf, BUFFERSIZE, prefix);
  strcat_s(buf, BUFFERSIZE, msg);
  strcat_s(buf, BUFFERSIZE, suffix);
  fputs(buf, stderr);
}

...