...
```c
#include <stdio.h>
#ifndef __USE_ISOC99
/* reimplements vsnprintf() */
#include "my_stdio.h"
#endif
```
Risk Assessment
Replacing secure functions with less secure functions is a very risky practice, because developers can be easily fooled into trusting the function to perform a security check that is absent. This may be a concern, for example, as developers attempt to adopt more secure functions, like the ISO/IEC TR 24731-1 functions (see STR07-C. Use TR 24731 for remediation of existing string manipulation code) that might not be available on all platforms.
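A self-test a build can run to confirm that whichever `vsnprintf()` it ends up with still enforces the size argument. This is an added example, not code from the CERT standard. The names `libc_vsnprintf`, `weak_vsnprintf`, `call_fn` and `honors_bound` are hypothetical, and the weak replacement is constructed here only for contrast.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

typedef int (*vsn_fn)(char *, size_t, const char *, va_list);

/* The C99 library function, wrapped so it can be passed by pointer. */
static int libc_vsnprintf(char *b, size_t n, const char *f, va_list ap) {
    return vsnprintf(b, n, f, ap);
}

/* Hypothetical weak replacement: same signature, but the size bound
 * is silently discarded. Callers still believe it is enforced. */
static int weak_vsnprintf(char *b, size_t n, const char *f, va_list ap) {
    (void)n;
    return vsprintf(b, f, ap);
}

/* Variadic trampoline so the probe can build a va_list. */
static int call_fn(vsn_fn fn, char *b, size_t n, const char *f, ...) {
    va_list ap;
    va_start(ap, f);
    int r = fn(b, n, f, ap);
    va_end(ap);
    return r;
}

/* Returns 1 if fn truncates at the stated bound, 0 if it does not.
 * The arena is far larger than the stated bound, so a function that
 * ignores the bound only disturbs fill bytes inside the arena. */
int honors_bound(vsn_fn fn) {
    char arena[64];
    const size_t bound = 8;                 /* size we claim to have */
    memset(arena, 0x5A, sizeof arena);      /* constructed fill pattern */
    int r = call_fn(fn, arena, bound, "%s", "0123456789ABCDEF");
    if (r != 16) return 0;                  /* C99: would-be length */
    if (memcmp(arena, "0123456", bound) != 0) return 0; /* 7 chars + NUL */
    for (size_t i = bound; i < sizeof arena; i++)
        if ((unsigned char)arena[i] != 0x5A) return 0;  /* wrote past bound */
    return 1;
}

int main(void) {
    printf("libc vsnprintf honors bound: %d\n", honors_bound(libc_vsnprintf));
    printf("weak replacement honors bound: %d\n", honors_bound(weak_vsnprintf));
    return 0;
}
```

Running the same probe against the function supplied by a header such as `my_stdio.h` shows whether that reimplementation keeps the check its callers rely on.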
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C++ Secure Coding Standard as PRE09-CPP. Do not replace secure functions with less secure functions.
...