24

Since a quick Google search did not find anything, I will try to ask here (since many people involved in gcc/clang hang around here) - What is the status of __STDC_LIB_EXT1__ in gcc/clang? We are developing a cross platform applicataion and I wanted to use some of the safe bounds checking functions from <stdio.h> (which by miracle are available on Visual Studio 2017), but could not compile the code with Xcode 9.2. I assumed maybe the clang version Xcode uses is outdated, but gcc 6.3.0 on Ubuntu behaves the same. I am trying to use tmpnam_s with the following sample:

#if defined(__STDC_LIB_EXT1__)
#define  __STDC_WANT_LIB_EXT1__ 1
#include <stdio.h>
#else
#error "__STDC_LIB_EXT1__ not defined"
#endif

int main(int argc, char** argv)
{
    char t[L_tmpnam_s]; 
    tmpnam_s(t, L_tmpnam_s);
    return 0;
}

But the compilation fails with the macro not being defined:

gcc -std=c11 test.c
test.c:5:2: error: #error "__STDC_LIB_EXT1__ not defined"
#error "__STDC_LIB_EXT1__ not defined"
^~~~~

Am I doing something wrong or this function set is simply poorly supported?

Deduplicator
  • 44,692
  • 7
  • 66
  • 118
Rudolfs Bundulis
  • 11,636
  • 6
  • 33
  • 71
  • 2
    It is, afaik, poorly supported. The only reason VS has it is because it comes from there, pretty much. VS does however not support any C standard new or old, so that's another issue. – Lundin Dec 18 '17 at 12:15
  • 2
    "safe bounds checking", there function made by Microsoft are only use by Microsoft dev. Nobody in C world need that cause there are totally useless. Committee add these optionnel function because Microsoft want it. There are redondant with other function and are not more safe than classic function. – Stargateur Dec 18 '17 at 12:30
  • If you want do compile and run-time check with gcc and clang you should use `-D_FORTIFY_SOURCE=2`. This is much more easy because compile will do the job for you. https://blog.quarkslab.com/clang-hardening-cheat-sheet.html – Stargateur Dec 18 '17 at 12:35
  • @Stargateur I simply wanted portable code. Visual Studio 2017 complains if the unsafe functions are used (ofc I can turn that off as last resort). – Rudolfs Bundulis Dec 18 '17 at 12:50
  • 3
    Even though MS proposed these functions, their implementation differs slightly from the final C standard appendix. So even if the other compilers were to implement the standard, the code would still not be portable. Disabling the warnings seems like the best idea. – Bo Persson Dec 18 '17 at 13:43
  • Do you know if GCC supports this now? I have the same issue – Gert Kommer Jun 18 '20 at 12:55

1 Answers1

25

The whole set of 'safe' functions with the _s suffixes is poorly supported. Microsoft wrote a set of functions with the _s suffixes and submitted that to the C standard committee to be standardized. The committee made some changes (arguably out of necessity), and created a technical report, TR 24731-1. A mildly modified version of the TR was included as optional Annex K (normative) in the C11 standard, ISO/IEC 9899:2011.

You can find many sordid details in the answers to Do you use the TR-24731 "safer" functions?, especially in the notes in my answer to that question, and especially the link to the Standard C committee document N1967 Field Experience with Annex K — Bounds Checking Interfaces.

I don't know what the current status of the N1967 proposal is, but that it was suggested is telling. N1967 also contains links to libraries that support Annex K / TR-24731-1 — the list is limited.

Note that Microsoft does not implement the library specified by the C11 standard. It implements an approximation to the standard, but there are crucial differences. This would matter more if any other system had implemented the standard — but the functions have not been implemented in any widely accepted form (so, for example, the GNU C Library does not and will not support them).

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
  • Re: "crucial differences": the [`clock`](https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/clock?view=msvc-170) is one example: "Note that this function does not strictly conform to ISO C, which specifies net CPU time as the return value". – pmor Apr 01 '22 at 13:12