Click here to Skip to main content
15,851,453 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
I've just converted our VS6 MFC project to VS2010 and keep getting:

warning C4996: 'fscanf': This function or variable may be unsafe.


et cetera.

However, when I try to define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES it either doesn't do anything, or tells me it is already defined (in crtdefs.h).

I don't really want to have to defin it all over the place so is my StdAfx.h the correct (and best) place for these definitions?
Posted

 
Share this answer
 
Comments
Sergey Alexandrovich Kryukov 14-Jun-11 21:52pm    
My 5.
--SA
See: http://msdn.microsoft.com/en-us/library/6ybhk9kc.aspx[^]

"The main difference between the secure functions (with the _s suffix) and the older functions is that the secure functions require the size in characters of each c, C, s, S and [ type field to be passed as an argument immediately following the variable."

There is no way the preprocessor can automatically substitute the secure version fscanf_s for fscanf because the secure version requires different parameters.

You'll have to either fix the fscanf calls yourself or decide to ignore those warnings.

As for where to define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES, I would either do it on the compiler command line, or in StdAfx.h at the top.
 
Share this answer
 
Comments
Kyudos 14-Jun-11 21:17pm    
Is defining the overload macro supposed to suppress the warnings? Or do I need to define _CRT_SECURE_NO_WARNINGS too?
Sergey Alexandrovich Kryukov 14-Jun-11 21:50pm    
Don't suppress it, fix the function calls!
--SA
Kyudos 14-Jun-11 22:45pm    
Isn't that the point of defining _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES? So I don't have to fix all the functions calls?
TRK3 15-Jun-11 13:37pm    
Defining it will override the function calls that it can. It doesn't suppress the warning. The warning goes away if the function gets overridden with a secure version. Unfortunately not all of the functions can be automatically overridden. Those ones you have to fix.

Generally it's a bad idea to globally suppress the warnings. But you could probably ignore the CRT warning on your initial port -- turn them off so you aren't overwhelmed with them. Fix the other warnings, then turn them on and fix the CRT warnings.

Of course sometimes there really is no security issue (such as fopen vs fopen_s when you are already checking for NULL and aren't multi-threaded or don't care about the error code) -- in those cases you can suppress individual warnings with a #pragma. But that means examining each case (which you should do) and it's usually easier just to fix the function calls then it is to prove your implementation is secure and add the #pragma.

Sergey Alexandrovich Kryukov 14-Jun-11 21:51pm    
My 5.
--SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900