Stack Overflow
Stack Overflow

Questions tagged [tr24731]

TR 24731 is a technical report prepared by the ISO C standardization committee, now partially incorporated as optional Annex K in the ISO/IEC 9899:2011 C Standard. Part 1 standardizes some safer bounds-checking functions for use in C and Part 2 relates to functions that do dynamic memory allocation.

The ISO C standardization committee (ISO/IEC JTC1/SC22/WG14) defined two technical reports:

  • TR 24731-1: Extensions to the C Library Part I: Bounds-checking interfaces

    This includes functions such as fopen_s() and strcpy_s() and sprintf_s(), which should be in some sense more secure than earlier analogs in the standard C library, checking for null pointers and buffer overflows. They are based on, but not identical with, functions with the same names in the Microsoft C library.

    It is included as the optional, but normative, Annex K in the current standard, ISO/IEC 9899:2011 'Programming Languages — C'.

    An evaluation from 2015 came to quite unflattering conclusions, basically wanting to recall it completely. n1967 Field Experience with Annex K - Bounds Checking Interfaces

  • TR 24731-2: Extensions to the C Library Part II: Dynamic allocation functions

    This includes functions such as asprintf() and vasprintf() which dynamically allocate enough space for the formatted output, and the getline() and getdelim() functions which are also defined in POSIX 2008, and strdup(). These were not standardized in C 2011.

65 questions
88
votes
5 answers

Do you use the TR 24731 'safe' functions?

The ISO C committee (ISO/IEC JTC1/SC21/WG14) has published TR 24731-1 and is working on TR 24731-2: TR 24731-1: Extensions to the C Library Part I: Bounds-checking interfaces WG14 is working on a TR on safer C library functions. This TR is oriented…
Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
37
votes
1 answer

How to go from fopen to fopen_s

Visual Studio is complaining about fopen. I can't find the proper syntax for changing it. I have: FILE *filepoint = (fopen(fileName, "r")); to FILE *filepoint = (fopen_s(&,fileName, "r")); What is the rest of the first parameter?
beatleman
  • 685
  • 2
  • 7
  • 11
35
votes
3 answers

Difference between scanf and scanf_s

What is the difference between scanf and scanf_s? In the university I have been taught and I am using scanf, but at my personal computer Visual Studio keeps sending this warning. error C4996: 'scanf': This function or variable may be unsafe.…
Tony Andreev
  • 421
  • 1
  • 6
  • 9
32
votes
2 answers

Why is rsize_t defined?

I found that strncpy_s() is defined under VS2013 as errno_t __cdecl strncpy_s ( _Out_writes_z_(_SizeInBytes) char * _Dst, _In_ rsize_t _SizeInBytes, _In_reads_or_z_(_MaxCount) const char * _Src, _In_ rsize_t _MaxCount ); rsize_t…
zangw
  • 43,869
  • 19
  • 177
  • 214
31
votes
6 answers

sprintf_s was not declared in this scope

I have a C program that uses sprintf_s. It works fine in Windows, but when I compile my code in Linux it gives this error: sprintf_s was not declared in this scope. Why does this happen and how can I fix it?
SPB
  • 4,040
  • 16
  • 49
  • 62
27
votes
7 answers

error C4996: 'scanf': This function or variable may be unsafe in c programming

I have created a small application to find max number by using user-defined function with parameter. When I run it, it shows this message Error 1 error C4996: 'scanf': This function or variable may be unsafe. Consider using scanf_s instead.…
Chheang Phearum
  • 299
  • 1
  • 3
  • 10
24
votes
6 answers

Why can't I use fopen?

In the mold of a previous question I asked about the so-called safe library deprecations, I find myself similarly bemused as to why fopen() should be deprecated. The function takes two C strings, and returns a FILE* ptr, or NULL on failure. Where…
JamieH
  • 1,257
  • 3
  • 12
  • 19
24
votes
1 answer

__STDC_LIB_EXT1__ availability in gcc and clang

Since a quick Google search did not find anything, I will try to ask here (since many people involved in gcc/clang hang around here) - What is the status of __STDC_LIB_EXT1__ in gcc/clang? We are developing a cross platform applicataion and I wanted…
Rudolfs Bundulis
  • 11,636
  • 6
  • 33
  • 71
24
votes
2 answers

How can fopen_s be more safe than fopen?

I'm working on legacy code for Windows platform. When I compile the code in VS2013, it give following warning: error C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use…
ZijingWu
  • 3,350
  • 3
  • 25
  • 40
23
votes
1 answer

Why didn't gcc (or glibc) implement _s functions?

_s functions, such as scanf_s, printf_s seems to be optional standard. MSVC has implemented these functions, but gcc hasn't. Is there specific reason for not implementing secure functions? Is scanf of glibc secure enough?
suhdonghwi
  • 955
  • 1
  • 7
  • 20
21
votes
2 answers

strcpy_s not working with gcc

I have a C++11 project, and I added some strcpy_s method calls. This works on windows, but when compiling on gcc, there is an error stating that strcpy_s symbol is not found. I did add the line #define __STDC_WANT_LIB_EXT1__ 1 to the code, to no…
Jacko
  • 12,665
  • 18
  • 75
  • 126
16
votes
2 answers

Missing C11 strerrorlen_s function under MSVC 2017

I'm trying to find which header to include for strerrorlen_s function from C11 standard under MSVC 2017. I need it for allocating space for error message which to get with strerror_s. The code is the following: auto size = strerrorlen_s(errno) +…
bobeff
  • 3,543
  • 3
  • 34
  • 62
16
votes
3 answers

Are there any free implementations of strcpy_s and/or TR24731-1?

I have an old project that is mixed C and C++. It makes extensive use of C strings and of strcpy,strcat,strncpy,strncat etc. I've uncovered a number of buffer overflows, and I'd like to use more secure functions, such as strcpy_s. MSVC includes…
Mark
  • 1,035
  • 2
  • 11
  • 24
15
votes
1 answer

error: use of undeclared identifier 'errno_t'

Here is my dead simple dummy code: #include int main(void) { errno_t e; return 0; } Which surprisingly raises this error: main.c:5:5: error: use of undeclared identifier 'errno_t' errno_t x; ^ I started to follow the…
Peter Varo
  • 11,726
  • 7
  • 55
  • 77
11
votes
2 answers

What is the difference between vsnprintf and vsprintf_s?

I am currently, writing a code for string manipulation. As part of this, I am using vsnprintf(). However, compiler flashes below error message: dont_call: vsnprintf(). Invokation of a potentially dangerous function that could introduce a…
Sanman
  • 129
  • 1
  • 6
1
2 3 4 5