Warnings associated with sdks

[Guest]

Hello,

I am getting several warnings associated with direct x h files. I'll post
one of them as an example:

1>C:\Program Files\Microsoft DirectX SDK (February
2007)\Include\strsafe.h(5595) : warning C4996: '_vsnprintf': This function or
variable may be unsafe. Consider using _vsnprintf_s instead. To disable
deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
1> C:\Program Files\Microsoft Visual Studio 8\VC\include\stdio.h(339)
: see declaration of '_vsnprintf'


I see _CRT_SECURE_NO_WARNINGS can be used to disable the warnings, but why
is Microsoft still using these functions? The sdk was released Feb. 2007.
Does anyone know if there are plans to fix these warning in a future release?

Thanks for any info.

 

[William DePalo [MVP VC++]]

I am getting several warnings associated with direct x h files. I'll post
one of them as an example:

That's due to what some miight call an excess of caution. The goal is to
move developers away from functions which can be used to cause buffer
overruns. As you already know, buffer overruns are a prime means that
malware "authors" use to wreak their havoc.

I see _CRT_SECURE_NO_WARNINGS can be used to disable
the warnings, but why is Microsoft still using these functions?

I don't speak for them but every development shop needs to address risk and
the amount of time it takes to address "issues". And they are stuck between
a rock and a hard place : if they change too much they risk breaking old
code written by me and you.

It's just my opinion, but I'd say the best plan is to scrutinize old code to
make sure that buffer overruns can't occur in places where you use the old
functions and to insure that new code does not use them anymore. YMMV.

Regards,
Will

 

[Guest]

.. And they are stuck between a rock and a hard place : if they change

too much they risk breaking old code written by me and you.

I understand, and will live with these warning.