The memcpy() function has been recommended to be banned and will most likely enter Microsoft’s SDL Banned list later this year. memcpy() joins the ranks of other popular functions like strcpy, strncpy, strcat, strncat which were banned due to their security vulnerability through buffer overruns.
A number of Microsoft security updates were issued over time because of memcpy(): MS03-030 (DirectX), MS03-043 (Messenger Service), MS03-044 (Help and Support), MS05-039 (PnP), MS04-011 (PCT), MS05-030 (Outlook Express), CVE-2007-3999 (MIT Kerberos v5), CVE-2007-4000 (MIT Kerberos v5), and others.
The functions to be banned by Microsoft are memcpy(), CopyMemory(), and RtlCopyMemory(). To start banning these functions one should add the following #pragma line to a header file and the compiler will issue a warning every time it encounters one of them:
#pragma deprecated (memcpy, RtlCopyMemory, CopyMemory)
or, alternatively for C++, by using the next line:
#define _CRT_SECURE_WARNINGS_MEMORY
or, for GCC, by using the next one:
#pragma GCC poison memcpy RtlCopyMemory CopyMemory
The recommended function to be used instead is memcpy_s() which has the following signature in VC++ 2008:
errno_t __cdecl
memcpy_s(
_Out_opt_bytecap_post_bytecount_(_DstSize, _MaxCount)
void * _Dst,
_In_ rsize_t _DstSize,
_In_opt_bytecount_(_MaxCount) const void * _Src,
_In_ rsize_t _MaxCount
);
memcpy_s() is not error prone because one might specify a longer destination size than it is actually allocated leading to the same security vulnerability as memcpy().
The SDL complete list contains many banned functions calls along with recommended functions to be used instead. Some of them are:
| Description | Banned function | Recommended function |
| String copy | strcpy, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, strcpyA, strcpyW, _tccpy, _mbccpy | strcpy_s |
| String concatenation | strcat, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuffW, StrCatBuff, StrCatBuffA, StrCatChainW, strcatA, strcatW, _tccat, _mbccat | strcat_s |
| Sprintf | wnsprintf, wnsprintfA, wnsprintfW, sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf | sprintf_s |
| Tokenizing | strtok, _tcstok, wcstok, _mbstok | strtok_s |
| Scanf | scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf | sscanf_s |
| Numeric conversions | _itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow | _itoa_s, _itow_s |
| Gets | gets, _getts, _gettws | gets_s |
SDL has offered a header file (banned.h) to be included in order to get warnings for all the banned functions. As an alternative method, one can use the /W4-C4996 compiler option in VS 2005 or later.