Boost C++ Libraries: Ticket #1505: Secure template overloads with VC++ 2005/8 https://svn.boost.org/trac10/ticket/1505 <p> VC++ 2008 provides </p> <p> Many CRT functions have been deprecated in favor of newer, security-enhanced versions (for example, strcpy_s is the more secure replacement for strcpy). The CRT provides template overloads to help ease the transition to the more secure variants. </p> <p> Defining _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES to be 1 enables template overloads of standard CRT functions that call the more secure variants automatically. If _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES is 1, then no changes to the code are necessary. A call to strcpy will be changed to a call to strcpy_s with the size argument supplied automatically. </p> <p> Would it be possible to set in the default VC++ 2005/8 config </p> <p> #define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES 1 </p> <p> See <a class="ext-link" href="http://msdn2.microsoft.com/en-us/library/ms175759(VS.90).aspx"><span class="icon">​</span>http://msdn2.microsoft.com/en-us/library/ms175759(VS.90).aspx</a> for more details. </p> <p> In addition functions that take a count, such as strncpy, can be picked up. To enable template overloads for the count functions, define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_COUNT to be 1. Before doing so, however, make sure that your code passes the count of characters, not the size of the buffer (a common mistake). Also, code that explicitly writes a null terminator at the end of the buffer after the function call is unnecessary if the secure variant is called. If you need truncation behavior, see _TRUNCATE. </p> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/1505 Trac 1.4.3 Peter Myerscough-Jackopson Tue, 11 Dec 2007 09:51:35 GMT <link>https://svn.boost.org/trac10/ticket/1505#comment:1 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/1505#comment:1</guid> <description> <p> This is not default C/C++ behaviour, and although this option is available in MSVC++ should it not be turned on explicitly by the user of BOOST. If the change is so transparent I should be able to turn it on or off, but if BOOST automatically turns it on and I want it off this will cause unending problems. Similarly for portability reasons I will get different behaviour when moving from an MSVC++ platform to a non-MSVC++ platform, and the reason will be hidden from me. </p> </description> <category>Ticket</category> </item> <item> <dc:creator>John Maddock</dc:creator> <pubDate>Mon, 14 Jan 2008 16:27:58 GMT</pubDate> <title>status changed; resolution set https://svn.boost.org/trac10/ticket/1505#comment:2 https://svn.boost.org/trac10/ticket/1505#comment:2 <ul> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">wontfix</span> </li> </ul> <p> John: I'm also really not sure about this, it very much feels like the wrong thing to do to change this setting in a *header*. If you really think we should go down this route, please reopen *and* raise the issue for discussion on the list. </p> <p> Regards, John Maddock. </p> Ticket