2

I'm currently trying to get some C code that I originally wrote for Linux (gcc) to build on a win32 box.

The MSVC compiler is giving me warnings for all my printf and scanf usage suggesting I should use printf_s and scanf_s instead as a more secure alternative.

It's never nice to ignore 100s of compiler warnings, but should I in this instance?

Is there a simple workaround to fix this? Perhaps encapsulate those functions in a platform-specific preprocessor directive?

harper
bph
  • https://stackoverflow.com/questions/4605842/how-to-identify-platform-compiler-from-preprocessor-macros – Abhineet Feb 13 '18 at 12:17
  • 2
    If you are using `printf` & `scanf` securely, i.e., not letting any of these write past the supplied buffer, you can ignore those warnings. Anyhow, with a platform-specific preprocessor directive, you are going to use secure functions for Windows but the same old insecure functions for Linux. So, better use them without any bug. – Abhineet Feb 13 '18 at 12:20
  • There don't seem to be equivalent functions available for gcc. I did have a quick look at printf_s and there doesn't seem to be any difference in the args from printf - does beg the question why you wouldn't just apply those security enhancements to the existing function? – bph Feb 13 '18 at 13:18
  • 1
    @bgh `fprintf_s()` does not allow `"%n"`, `fprintf()` does allow `"%n"`. – chux - Reinstate Monica Feb 13 '18 at 13:40
  • 1
    " ... instead as a more secure alternative." `_s` functions are not completely _more secure_. They offer some benefits yet incur other risks. A big drawback for _Cross Platform_ code is doubling select code maintenance. A functional/error difference in one path will not show in the other. – chux - Reinstate Monica Feb 13 '18 at 13:50
  • I *think* I can safely say I've never used the %n specifier with any stdio function - very esoteric? – bph Feb 13 '18 at 13:52

1 Answer

0

You can suppress these warnings by defining `_CRT_SECURE_NO_DEPRECATE` before the `#include` statements. But you should consider using the new, secure functions.

harper
  • 1
    Question is though how to achieve that? Maybe a wrapper function for every stdio function affected, with a platform-specific ifdef in there? C on MSVS is a right old pain; it's like they are actively trying to be as non-compliant as possible? – bph Feb 14 '18 at 11:40
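
What the comments call using `printf` and `scanf` securely, as an added example that is not code from this thread: one source file for gcc and MSVC that defines `_CRT_SECURE_NO_DEPRECATE` only under MSVC and bounds every write itself. The helper names `parse_record` and `format_record`, the 15-character limit and the sample inputs are assumptions made for the illustration.

```c
/* Added example (not from the original thread); parse_record and
   format_record are hypothetical helper names. */
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE /* must come before any CRT #include */
#endif
#include <ctype.h>
#include <stdio.h>

#define NAME_LEN 15 /* longest accepted name; "%15s" below must match */

/* Parse "<name> <age>". Returns 0 on success, -1 on malformed or over-long input. */
int parse_record(const char *line, char name[NAME_LEN + 1], int *age)
{
    char sep = 0;
    /* The width caps the store at 15 chars + NUL, so name[] cannot overflow.
       %c then captures the next raw character: if it is not whitespace,
       the name was longer than the buffer and the record is rejected. */
    if (sscanf(line, "%15s%c%d", name, &sep, age) != 3)
        return -1;
    if (!isspace((unsigned char)sep))
        return -1;
    return 0;
}

/* Format into a caller-sized buffer. Returns 0 on success, -1 on error or truncation. */
int format_record(char *out, size_t outsz, const char *name, int age)
{
    /* The format is a literal; untrusted text is only ever an argument,
       so a "%n" inside name is copied as data, never interpreted. */
    int n = snprintf(out, outsz, "name=%s age=%d", name, age);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char name[NAME_LEN + 1], out[32];
    int age;
    /* Constructed sample inputs */
    const char *samples[] = { "alice 30", "aaaaaaaaaaaaaaaaaaaaaaaa 30", "%n%n 7" };
    for (int i = 0; i < 3; i++) {
        if (parse_record(samples[i], name, &age) == 0 &&
            format_record(out, sizeof out, name, age) == 0)
            puts(out);
        else
            puts("rejected");
    }
    return 0;
}
```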