Warning C4996: This function or variable may be unsafe -- compared to GCC on POSIX

c++ windows visual-c++ gcc
14,469

Solution 1

  1. In a sane world, the answer would be "of course not, that would be stupid!" In this world, though, it seems there is no end of gut-wrenchingly poorly thought out undocumented behavior upon which people will stoop to depending upon. Raymond Chen has a great collection of such anecdotes (anecdon'ts?) in his blog. Such as the hideous practice of using a bug in the loader to share thread-local variables between an exe and a DLL. When you have as many customers as Microsoft does, the only safe choice is to never even risk breaking backwards compatibility.

  2. The difference in warnings is because cl.exe is going out of its way to highlight a potential security problem, and g++ isn't. getenv and puts and friends are all still broken under POSIX, but (at least for getenv) there isn't a more secure alternative in the standard library. And, unlike Microsoft, the GNU folks probably see a standard library call with potential security problems as a lesser evil than a more secure but platform-specific library call.

Solution 2

It annoys the heck outta me that Microsoft chose to do this. I know how to call all the functions safely, I don't want or need these extra warnings.

Just set _CRT_SECURE_NO_WARNINGS and be done with it. It's really that silly.

Solution 3

For the specific case of getenv, it is indeed not reentrant or thread safe. As for why Microsoft doesn't just replace it, you can't take that interface and make it reentrant (you can almost make it "thread safe" with thread local storage, but it would still not be reentrant).

Even if you just took getenv away altogether, there is still the problem that you have the environ variable which would require some serious compiler level support to make thread safe, since it is just data.

Really, using environment variables for anything other than "setting it up before the process starts or at process start, and only reading from it from that point on" is going to probably end in tears if you have more than one thread. setenv and putenv don't have a rich enough interface to express something like "set this set of environment variables atomically" and likewise getenv doesn't have a way to express "read this set of environment variables atomically".

_dupenv_s is somewhat silly in my opinion, because if using that suddenly makes your code safe, it could probably done in a safe way with getenv. _dupenv_s solves a tiny subset of the problems with using environment variables in a multithreaded scenario.

Share:
14,469
kizzx2
Author by

kizzx2

Updated on June 03, 2022

Comments

  • kizzx2
    kizzx2 almost 2 years

    I notice that MS compilers give "deprecated" warnings for cstdlib functions like getenv. MS has invented its own standard such as _dupenv_s.

    Question 1

    AFAIK the main "unsafe" thing is about reentrancy *. Since MS's CRT is marked as "multi-threaded" (/MT), why don't they just replace getenv with the reentrant, thread-safe version? Is it like anybody would depend on the unsafe behavior?

    Question 2

    I compiled the same code with GCC g++ -Wall -Wextra -Weff++ -pedantic foo.cpp and it doesn't yield any warnings. So I guess this is not a problem on POSIX? How is this solved? (OK maybe they just changed the behavior of getenv, would be nice to have this confirmed).

    * It's an over-generalization to say that its' only about reentrancy. Of course we have things like strncpy_s which changes the signature completely and deals with buffer size. But doesn't change the core of this question

  • kizzx2
    kizzx2 over 13 years
    Nice point. Following your logic -- MS's deprecated warning is really redundant. Take getenv for example: 1) GetEnvironmentVariable probably doesn't solve reentrancy, yet it is not "deprecated." 2) If I really want to secure my code and go to implement a Ph.D grade thread-safe rigorous-algorithm wrapper, it's still going to call getenv at some point, so I'm still unsafe by MSVC's definition. (Unless I alienate the standard and succumb to the MS-specific realm)
  • default
    default over 13 years
    Probably the same reason they added "Are you sure you want to perform <action>? Yes/No" messages. People are.. well, not that smart all the time :)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

GCC worth using on Windows to replace MSVC?
Difference between Win-builds vs MinGW-builds
C++ gcc vs visual c++
Running an external exe from win32 application
When CDialog.DoModal() function fails to create dialog box?
Execute another program in C++
How do I use WaitForMultipleObjects to balance competing work?
LoadString works only if I don't have an English string table
"Mixing a dll boost library with a static runtime is a really bad idea..."
How to properly set target OS version when building a library on Windows using Visual C++ compiler