I believe that VS2005 has a new snprintf_s, strcpy_s, etc. that are supposed to be secure.

See:
http://msdn2.microsoft.com/en-us/library/8ef0s5kh(VS.80).aspx.
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=6995&SiteID=1.

Kevin

Philip Taylor wrote:
Klaas-Jan Stol wrote on 05/03/2007 16:48:
On 3/5/07, jerry gay <[EMAIL PROTECTED]> wrote:
i disagree. the reason C<strdup>, C<strnicmp> and C<stricmp> were
deprecated is because they're non-ansi. therefore, microsoft renamed
it to C<_strdup>. since we've pledged ansi (aka c89) c compliance, we
should be following a similar path.

instead of disabling the *valid* compiler warning, i suggest that
either we modify our coding standard to allow C<strdup>, or we rename
all usage to C<_strdup> and #define as appropriate for each compiler.


Moreover, strdup was not deprecated without a reason; strdup is claimed to be unsafe. It might be a good idea to accept this piece of advice, and use _strdup and friends.

As far as I can see, MSVC doesn't claim strdup is unsafe - string.h just defines it with "_CRT_NONSTDC_DEPRECATE", and the compiler warns "The POSIX name for this item is deprecated. Instead, use the ISO C++ conformant name: _strdup. See online help for details."

For the string functions which it does claim are unsafe (strcpy, strcat, etc), it warns "This function or variable may be unsafe. Consider using strcpy_s instead" and provides the _s alternatives; but strdup isn't one of those functions. A call to strdup is actually compiled into a call to _strdup (via linker tricks (I assume) in oldnames.lib), so there's no difference at all in implementation or safety.
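The per-compiler mapping proposed in the thread, together with a bounded copy in the spirit of the `_s` functions, as an added example that is not part of the original messages or of the project's code. The names `compat_strdup` and `compat_strcpy` are hypothetical, and `compat_strcpy` only approximates `strcpy_s` (it reports an error code and does not invoke a constraint handler).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper: choose the duplicate routine per compiler. */
#if defined(_MSC_VER)
#  define compat_strdup(s) _strdup(s)   /* MSVC's conformant name */
#else
/* strdup is POSIX, not C89, so a strict C89 build supplies its own. */
static char *compat_strdup(const char *s)
{
    size_t n;
    char *copy;
    if (s == NULL) return NULL;
    n = strlen(s) + 1;                   /* include the terminator */
    copy = (char *)malloc(n);
    if (copy != NULL) memcpy(copy, s, n);
    return copy;                         /* NULL on allocation failure */
}
#endif

/* Hypothetical bounded copy: the caller passes the destination size,
 * the result is always terminated, and truncation is an error rather
 * than a silent overflow. Returns 0 on success, -1 otherwise. */
static int compat_strcpy(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dst == NULL || dstsz == 0) return -1;
    if (src == NULL) { dst[0] = '\0'; return -1; }
    n = strlen(src);
    if (n >= dstsz) { dst[0] = '\0'; return -1; }  /* would not fit */
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char buf[8];
    char *copy = compat_strdup("example");         /* constructed input */
    int rc = compat_strcpy(buf, sizeof buf, "too long for buf");
    printf("dup=%s rc=%d buf=\"%s\"\n", copy ? copy : "(null)", rc, buf);
    free(copy);
    return 0;
}
```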

