如何摆脱“不安全"? Visual Studio中的警告/错误(strcpy,sprintf,strdup)
我试图摆脱一些编译器警告,这些警告说strcpy,sprintf等不安全. 我知道为什么它们不安全,但是我想不出以C ++风格修复代码的好方法.
I'm trying to get rid of some compiler warnings that say strcpy, sprintf, etc are unsafe. I get why they're unsafe, but I can't think of a good way to fix the code, in a C++ style.
以下是代码摘录:
extList->names[i]=(char *)malloc(length*sizeof(char));
strcpy(extList->names[i],extName); // unsafe
// strncpy(extList->names[i],extName,length); // also unsafe
这是消息:
C4996:'strcpy':此函数或变量可能是 不安全.考虑改用strcpy_s.要禁用弃用,请使用 _CRT_SECURE_NO_WARNINGS.有关详细信息,请参见在线帮助.
C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
在不知道要复制的内容长度的情况下,我想不出一种安全的方法来在C ++中复制数据. 我知道这里有strlen(),但这也不安全,因为它假设(可能是错误地)假设数据以null结尾.
I can't think of a safe way to copy the data over in C++ without knowing the length of the stuff to copy. I know there's strlen(), but that's also unsafe since it assumes (maybe incorrectly) that the data is null-terminated.
也:
// used to concatenate:
sprintf(extStr,"%s%s",platExtStr,glExtStr);
C4996:'sprintf':此函数或变量可能不安全.考虑 而是使用sprintf_s.要禁用弃用,请使用 _CRT_SECURE_NO_WARNINGS.有关详细信息,请参见在线帮助.
C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
使用std :: string进行连接很容易,但是随后我需要以某种方式将数据获取到extStr中(而不是使用strcpy,lol). string :: c_str()函数返回一个指向不可修改数据的指针,因此我不能仅将extStr设置为等于它. (而且我什至不确定c_str()指针是否需要稍后调用它的delete?它是否使用"new"分配空间?)
Using std::string to concatenate is easy enough, but then I need to get the data into extStr somehow (and not using strcpy, lol). The string::c_str() function returns a pointer to un-modifiable data, so I can't just set extStr equal to it. (And I'm not even sure if the c_str() pointer needs delete called on it later? Does it allocate space using "new"?)
对这个东西有什么建议吗? 这是10,000行文件的一部分,这不是我的文件,所以我不太想用C ++方式重写它.
Any advice on this stuff? This is part of a 10,000 line file that's not mine... so I'm not exactly keen on re-writing the thing in the C++ way.
您实际上并不需要编译指示来禁用它们.
You don't really need pragmas to disable them.
对于win32/msvc,在ProjectProperties->配置属性-> C/C ++-> Preprocessor-> Preprocessor Definitions中,添加以下宏:
For win32/msvc, in ProjectProperties -> Configuration Properties -> C/C++ -> Preprocessor -> Preprocessor Definitions, add following macros:
_CRT_SECURE_NO_DEPRECATE
_CRT_NONSTDC_NO_DEPRECATE
或者您可以在命令行参数中传递(-D_CRT_SECURE_NO_DEPRECATE).您可能可以在某些* .cpp文件的开头#define它们. 另外,它们可能更多(请参阅crtdefs.h-看起来有很多...).这些警告通常会告诉您可以使用哪些宏禁用它们-只需读取编译器输出即可.
Or you can pass thos in command line parameters (-D_CRT_SECURE_NO_DEPRECATE). You can probably #define them at the beginning of certain *.cpp files. Also, there are probably more of them (see crtdefs.h - looks like there are a lot of them...). Those kind of warnings normally tell you with which macros you can disable them - just read compiler output.