类似“wcstok”的警告:此函数或变量可能不安全。考虑使用 wcstok_s 代替
我只是在代码中使用这些宽字符文字来了解它们
wchar_t* wpsub = wcstok(names, names_delim);
wpsub = wcstok(NULL, names_delim);
wchar_t* wcopied=new wchar_t[wcslen(wname) + 1];
strcpy(nameptr, "singh");
wcscpy(wcopied, wname);
wcscat(wcopied, L" Singh");
为什么我会收到这些警告,无论如何我都忽略了它。 我们是否需要忽略任何此类警告?
: warning C4996: 'wcstok': This function or variable may be unsafe. Consider using wcstok_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'wcstok'
: warning C4996: 'wcstok': This function or variable may be unsafe. Consider using wcstok_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'wcstok'
: warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'strcpy'
: warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'wcscpy'
: warning C4996: 'wcscat': This function or variable may be unsafe. Consider using wcscat_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'wcscat'
I am just using these wide character literals in my code to learn about them
wchar_t* wpsub = wcstok(names, names_delim);
wpsub = wcstok(NULL, names_delim);
wchar_t* wcopied=new wchar_t[wcslen(wname) + 1];
strcpy(nameptr, "singh");
wcscpy(wcopied, wname);
wcscat(wcopied, L" Singh");
why am I getting these warning,I ignored it anyway.
do we need to ignore any such warnings.
: warning C4996: 'wcstok': This function or variable may be unsafe. Consider using wcstok_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'wcstok'
: warning C4996: 'wcstok': This function or variable may be unsafe. Consider using wcstok_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'wcstok'
: warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'strcpy'
: warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'wcscpy'
: warning C4996: 'wcscat': This function or variable may be unsafe. Consider using wcscat_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
: see declaration of 'wcscat'
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
不使用原始的 strtok 系列函数还有另一个原因:
原因是
strtok不可重入:在设计时,人们认为使用全局变量作为上下文的存储库是一个好主意(您认为strtok< /code> 能记住每个函数调用之间从哪里继续吗?)。过去的已经过去了,我们不应该评判几十年前的代码,但是,随着所有新标准(我想到了 C99),我仍然对这个函数没有被重构感到惊讶。
至少,Microsoft 生成的strtok_s 函数系列使用了用户为此提供的变量(称为
context)。如果您可以选择,对于生产代码,请使用strtok_s。如果您需要提供跨平台代码,我的建议是:
strtok_r当谷歌搜索时),重定向到该函数现在,有这些函数的C++替代品C 函数,将
std::string方法组合在一起,或使用 boost::tokenizerThere is another reason not to use the original strtok family function:
The reason is that
strtokis not reentrant: When designed, is was believed it would be a good idea for it to use a global variable as repository for the context (how did you thinkstrtokcan remember where to continue between each function call?).The past is the past, and we should not judge code from decades ago, but then, with all the new standards (C99 comes to mind), I'm still surprised this function didn't get refactored.
At the very least, the strtok_s family of function produced by Microsoft uses a user-provided variable for that (called
context). If you have the choice, for production code, usestrtok_s.And if you need to provide cross platform code, my advice is :
strtok_rwhen Googling), redirect to that functionNow, there are C++ alternatives to these C functions, either combining
std::stringmethods together, or using boost::tokenizer您应该使用
std::wstring和std::string以及类似的 C++ 标准库函数,而不是这些函数,因为它们容易受到缓冲区溢出和其他安全问题的影响 (更不用说应用程序可靠性)问题。You should be using
std::wstringandstd::stringand similar C++ Standard library functions, instead of those functions, as they are susceptible to buffer overruns and other security (not to mention application reliability) issues.wcstok容易受到缓冲区溢出攻击。编译器建议您使用应对该威胁的替代版本。请参考MSDN文档中的备注对于
wcstok。如果您可以完全控制传递给
wcstok的数据,那么您就无需担心。如果传递给 wcstok 的数据可以由用户提供,则可能会造成缓冲区溢出攻击。The
wcstokis susceptible to buffer overrun exploits. The compiler is recommending that you use an alternative version that deals with that threat.Please refer to the remarks in the MSDN documentation for
wcstok.If you have complete control of the data which is passed to
wcstokthen you have no cause for concern. If the data passed towcstokcould be supplied by the user then that creates the potential for a buffer overrun attack.