id,summary,reporter,owner,description,type,status,milestone,component,version,severity,resolution,keywords,cc
1505,Secure template overloads with VC++ 2005/8,John Pavel <jrp@…>,John Maddock,"VC++ 2008 provides 

Many CRT functions have been deprecated in favor of newer, security-enhanced versions (for example, strcpy_s is the more secure replacement for strcpy). The CRT provides template overloads to help ease the transition to the more secure variants.

Defining _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES to be 1 enables template overloads of standard CRT functions that call the more secure variants automatically. If _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES is 1, then no changes to the code are necessary. A call to strcpy will be changed to a call to strcpy_s with the size argument supplied automatically.

Would it be possible to set in the default VC++ 2005/8 config

#define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES 1

See http://msdn2.microsoft.com/en-us/library/ms175759(VS.90).aspx for more details.

In addition functions that take a count, such as strncpy, can be picked up. To enable template overloads for the count functions, define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_COUNT to be 1. Before doing so, however, make sure that your code passes the count of characters, not the size of the buffer (a common mistake). Also, code that explicitly writes a null terminator at the end of the buffer after the function call is unnecessary if the secure variant is called. If you need truncation behavior, see _TRUNCATE.


",Feature Requests,closed,Boost 1.35.0,config,Boost Development Trunk,Optimization,wontfix,,