...

The gets() function was deprecated by Technical Corrigendum 3 to C99 and eliminated from C11.  The Annex K gets_s() function is a recommended alternative to gets().

Obsolescent Functions

Functions in the first column of the following table are hereby defined to be obsolescent functions. To remediate invocations of obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative non-obsolescent functions.

...

Unchecked Obsolescent Functions

If you are using platforms that support Annex K, then functions in the first column of the following table are hereby defined to be unchecked obsolescent functions, with functions in the second column being the recommended alternatives from Annex K.

| Obsolescent Function | Annex K Recommended Alternative |
|---|---|
| bsearch() | bsearch_s() |
| fprintf() | fprintf_s() |
| fscanf() | fscanf_s() |
| fwprintf() | fwprintf_s() |
| fwscanf() | fwscanf_s() |
| getenv() | getenv_s() |
| gmtime() | gmtime_s() |
| localtime() | localtime_s() |
| mbsrtowcs() | mbsrtowcs_s() |
| mbstowcs() | mbstowcs_s() |
| memcpy() | memcpy_s() |
| memmove() | memmove_s() |
| printf() | printf_s() |
| qsort() | qsort_s() |
| scanf() | scanf_s() |
| snprintf() | snprintf_s() |
| sprintf() | sprintf_s() |
| sscanf() | sscanf_s() |
| strcat() | strcat_s() |
| strcpy() | strcpy_s() |
| strerror() | strerror_s() |
| strlen() | strnlen_s() |
| strncat() | strncat_s() |
| strncpy() | strncpy_s() |
| strtok() | strtok_s() |
| swprintf() | swprintf_s() |
| swscanf() | swscanf_s() |
| vfprintf() | vfprintf_s() |
| vfscanf() | vfscanf_s() |
| vfwprintf() | vfwprintf_s() |
| vfwscanf() | vfwscanf_s() |
| vprintf() | vprintf_s() |
| vscanf() | vscanf_s() |
| vsnprintf() | vsnprintf_s() |
| vsprintf() | vsprintf_s() |
| vsscanf() | vsscanf_s() |
| vswprintf() | vswprintf_s() |
| vswscanf() | vswscanf_s() |
| vwprintf() | vwprintf_s() |
| vwscanf() | vwscanf_s() |
| wcrtomb() | wcrtomb_s() |
| wcscat() | wcscat_s() |
| wcscpy() | wcscpy_s() |
| wcslen() | wcsnlen_s() |
| wcsncat() | wcsncat_s() |
| wcsncpy() | wcsncpy_s() |
| wcsrtombs() | wcsrtombs_s() |
| wcstok() | wcstok_s() |
| wcstombs() | wcstombs_s() |
| wctomb() | wctomb_s() |
| wmemcpy() | wmemcpy_s() |
| wmemmove() | wmemmove_s() |
| wprintf() | wprintf_s() |
| wscanf() | wscanf_s() |

bsearch
fprintf
fscanf
fwprintf
fwscanf
getenv
gmtime
localtime
mbsrtowcs
mbstowcs
memcpy
memmove
printf
qsort
setbuf
snprintf
sprintf
sscanf
strcat
strcpy
strerror
strncat
strncpy
strtok
swprintf
swscanf
vfprintf
vfscanf
vfwprintf
vfwscanf
vprintf
vscanf
vsnprintf
vsprintf
vsscanf
vswprintf
vswscanf
vwprintf
vwscanf
wcrtomb
wcscat
wcscpy
wcsncat
wcsncpy
wcsrtombs
wcstok
wcstombs
wctomb
wmemcpy
wmemmove
wprintf
wscanf

To remediate invocations of unchecked obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative nonobsolescent functions from C11, Annex K:

...

abort_handler_s
bsearch_s
fprintf_s
freopen_s
fscanf_s
fwprintf_s
fwscanf_s
getenv_s
gets_s
gmtime_s
ignore_handler_s
localtime_s
mbsrtowcs_s
mbstowcs_s
memcpy_s
memmove_s
printf_s
qsort_s
scanf_s
set_constraint_handler_s
snprintf_s
snwprintf_s
sprintf_s
sscanf_s
strcat_s
strcpy_s
strerror_s
strerrorlen_s
strncat_s
strncpy_s
strnlen_s
strtok_s
swprintf_s
swscanf_s
vfprintf_s
vfscanf_s
vfwprintf_s
vfwscanf_s
vprintf_s
vscanf_s
vsnprintf_s
vsnwprintf_s
vsprintf_s
vsscanf_s
vswprintf_s
vswscanf_s
vwprintf_s
vwscanf_s
wcrtomb_s
wcrtoms_s
wcscat_s
wcscpy_s
wcsncat_s
wcsncpy_s
wcsnlen_s
wcsrtombs_s
wcstok_s
wcstombs_s
wctomb_s
wmemcpy_s
wmemmove_s

For information on the tmpfile() and tmpfile_s() functions, see FIO21-C. Do not create temporary files in shared directories.
For information on the memset() and memset_s() functions, see MSC06-C. Beware of compiler optimizations.
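
Two of the remediation options named above, Annex K functions and conforming inline coding, combined in an added example that is not code from this guideline. The helper name copy_checked() is hypothetical; it calls strcpy_s() where the implementation defines __STDC_LIB_EXT1__ and otherwise applies the same bounds check inline, without the listed strlen() or memcpy().

```c
/* Added example; copy_checked() is a hypothetical helper, not a CERT or C11 API. */
#define __STDC_WANT_LIB_EXT1__ 1 /* ask for Annex K declarations where they exist */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst, whose capacity is dstsz bytes including the terminator.
 * Returns 0 on success and 1 on failure; on failure dst is set to "" when
 * dst is usable, which is what strcpy_s() does on a constraint violation. */
static int copy_checked(char *dst, size_t dstsz, const char *src)
{
#ifdef __STDC_LIB_EXT1__
    /* Annex K platform: install ignore_handler_s so a violation returns an
     * error code rather than running the implementation-defined default. */
    constraint_handler_t prev = set_constraint_handler_s(ignore_handler_s);
    int rc = strcpy_s(dst, dstsz, src) != 0;
    set_constraint_handler_s(prev);
    return rc;
#else
    /* No Annex K: inline coding, written without the listed strlen()/memcpy().
     * Overlap of dst and src is not diagnosed here. */
    size_t len = 0;
    if (dst == NULL || dstsz == 0)
        return 1;
    if (src == NULL) {
        dst[0] = '\0';
        return 1;
    }
    while (len < dstsz && src[len] != '\0') /* bounded scan, as strnlen_s() */
        len++;
    if (len == dstsz) { /* src plus its terminator does not fit */
        dst[0] = '\0';
        return 1;
    }
    for (size_t i = 0; i <= len; i++) /* copies the terminator too */
        dst[i] = src[i];
    return 0;
#endif
}

int main(void)
{
    char name[8]; /* constructed sample buffer */
    if (copy_checked(name, sizeof name, "operator-account") != 0)
        puts("rejected: source does not fit");
    return copy_checked(name, sizeof name, "root");
}
```

On a platform with Annex K, the constraint handler is process-wide state, so a multithreaded program would install ignore_handler_s once at startup instead of swapping it around each call.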

To remediate invocations of obsolescent functions, an application might use any of the following recommended functions from ISO

...

wprintf_s

...

wscanf_s

or alternative nonobsolescent functions from ISO/IEC TR 24731-2, Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC TR 24731-2]:

...



...
