BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News memcpy() Is Going to Be Banned

memcpy() Is Going to Be Banned

Leia em Português

The memcpy() function has been recommended to be banned and will most likely enter Microsoft’s SDL Banned list later this year. memcpy() joins the ranks of other popular functions like strcpy, strncpy, strcat, strncat which were banned due to their security vulnerability through buffer overruns.

A number of Microsoft security updates were issued over time because of memcpy(): MS03-030 (DirectX), MS03-043 (Messenger Service), MS03-044 (Help and Support), MS05-039 (PnP), MS04-011 (PCT), MS05-030 (Outlook Express), CVE-2007-3999 (MIT Kerberos v5), CVE-2007-4000 (MIT Kerberos v5), and others.

The functions to be banned by Microsoft are memcpy(), CopyMemory(), and RtlCopyMemory(). To start banning these functions one should add the following #pragma line to a header file and the compiler will issue a warning every time it encounters one of them:

#pragma deprecated (memcpy, RtlCopyMemory, CopyMemory)

or, alternatively for C++, by using the next line:

#define _CRT_SECURE_WARNINGS_MEMORY

or, for GCC, by using the next one:

#pragma GCC poison memcpy RtlCopyMemory CopyMemory

The recommended function to be used instead is memcpy_s() which has the following signature in VC++ 2008:

errno_t __cdecl 
    memcpy_s(
        _Out_opt_bytecap_post_bytecount_(_DstSize, _MaxCount) 
                void * _Dst,
        _In_ rsize_t _DstSize, 
        _In_opt_bytecount_(_MaxCount) const void * _Src, 
        _In_ rsize_t _MaxCount
    );

memcpy_s() is not error prone because one might specify a longer destination size than it is actually allocated leading to the same security vulnerability as memcpy().

The SDL complete list contains many banned functions calls along with recommended functions to be used instead. Some of them are:

Description Banned function Recommended function
String copy strcpy, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, strcpyA, strcpyW, _tccpy, _mbccpy strcpy_s
String concatenation strcat, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuffW, StrCatBuff, StrCatBuffA, StrCatChainW, strcatA, strcatW, _tccat, _mbccat strcat_s
Sprintf wnsprintf, wnsprintfA, wnsprintfW, sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf sprintf_s
Tokenizing strtok, _tcstok, wcstok, _mbstok strtok_s
Scanf scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf sscanf_s
Numeric conversions _itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow _itoa_s, _itow_s
Gets gets, _getts, _gettws gets_s

SDL has offered a header file (banned.h) to be included in order to get warnings for all the banned functions. As an alternative method, one can use the /W4-C4996 compiler option in VS 2005 or later.

Rate this Article

Adoption
Style

BT