search for: memcpy_s

On 09/21/2012 05:52 AM, Martinez, Javier E wrote: > The proposal comments have largely centered on the string functions. Do > people feel the same way about memcpy_s? What about those of you > building LLVM on Windows with Visual Studio? Is memcmp_s (or a variant thereof) a win in practice? It covers the case pretty well where you try to copy a dynamically sized buffer to the start of a statically sized one. I don't want to say that it doesn't...

...ion buffer size is redundant information. I think we also agree that there are cases where the correct use of memcpy is not clear cut and the 4-parameter version adds value. I've modified the original proposal to strike the middle of the road. Instead of only providing a 4-parameter version of memcpy_secure now a 3-parameter version also exists. The latter maps to memcpy or memcpy_s depending on what's available as determined by the CMake scripts. The 4-parameter version replaces those calls to memcpy where safe use can't be determined. All other calls will be replaced to the 3-parameter...

...to replace the call based on the location of the source buffer. If there are no objections I'll prepare a patch that replaces the string manipulation functions an appropriate string object. The proposal comments have largely centered on the string functions. Do people feel the same way about memcpy_s? What about those of you building LLVM on Windows with Visual Studio? I know both functions can be used the wrong way but at least the "secure" version makes one think about the value passed for destination size. Very likely most of the 1691 uses of memcpy in Clang/LLVM are correct but w...

...ack to a string using memcpy() when it comes to dealing with text. But, since we don''t know in advance how much text is on the clipboard, we''ll need to dynamically allocate a string buffer. How do you know if you''ve allocated enough? BTW, I don''t think we can use memcpy_s() in practice, since it''s not supported by VC++ 6. Then we need a generic way to handle text or images: # something like this def self.data(format = TEXT) begin self.open if IsClipboardFormatAvailable(format) clipdata = GetClipboardData(format)...

.... Most of the functions identified are for manipulating strings. Memcpy is the most commonly used of all these unsecure methods. The following table lists all these functions are their recommended secure alternatives. Recommended alternatives: Functions Windows Unix/Mac OS Memcpy memcpy_s - Sprint sprintf_s snprintf Sscanf scanf_s - _alloca _malloca - Strcat strcat_s strlcat Strcpy strcpy_s strlcpy Strtok strtok_s - The proposal is to add secure versions of these fun...

...entified are for > manipulating strings. Memcpy is the most commonly used of all these > unsecure methods. The following table lists all these functions are > their recommended secure alternatives. > > Recommended alternatives: > > Functions Windows Unix/Mac OS > > Memcpy memcpy_s - > > Sprint sprintf_s snprintf > > Sscanf scanf_s - > > _alloca _malloca - > > Strcat strcat_s strlcat > > Strcpy strcpy_s strlcpy > > Strtok strtok_s - > > The proposal is to add secure versions of these functions. These > functions will be implemented...

...ating strings. > Memcpy is the most commonly used of all these unsecure methods. The > following table lists all these functions are their recommended secure > alternatives. > > > > Recommended alternatives: > > Functions Windows Unix/Mac OS > > Memcpy memcpy_s - > > Sprint sprintf_s snprintf > > Sscanf scanf_s - > > _alloca _malloca - > > Strcat strcat_s strlcat > > Strcpy strcpy_s strlcpy > > Strtok strtok_s -...

...ing strings. > Memcpy is the most commonly used of all these unsecure methods. The > following table lists all these functions are their recommended secure > alternatives. > > > > Recommended alternatives: > > Functions Windows Unix/Mac OS > > Memcpy memcpy_s - > > Sprint sprintf_s snprintf > > Sscanf scanf_s - > > _alloca _malloca - > > Strcat strcat_s strlcat > > Strcpy strcpy_s strlcpy > > Strtok strtok_s -...

...the value passed for destination size. Very > likely most of the 1691 uses of memcpy in Clang/LLVM are correct but with > such a high number of uses there are likely a few that are not. I’m willing > to plow through all the calls to check the parameters while making the > change to the memcpy_secure version from the proposal. My inclination is that it will be redundant. For example, consider this usage, grabbed randomly from the source code: char *Buf = static_cast<char *>(Allocate(Directory.size())); memcpy(Buf, Directory.data(), Directory.size()); it's not that...

On Thu, Sep 20, 2012 at 10:13 AM, Chris Lattner <clattner at apple.com> wrote: > > On Sep 20, 2012, at 3:01 AM, Dmitri Gribenko <gribozavr at gmail.com> wrote: > > > On Wed, Sep 19, 2012 at 3:00 AM, Martinez, Javier E > > <javier.e.martinez at intel.com> wrote: > >> We have identified functions in LLVM sources using a static code > analyzer >

On Sep 20, 2012, at 3:01 AM, Dmitri Gribenko <gribozavr at gmail.com> wrote: > On Wed, Sep 19, 2012 at 3:00 AM, Martinez, Javier E > <javier.e.martinez at intel.com> wrote: >> We have identified functions in LLVM sources using a static code analyzer >> which are marked as a “security vulnerability”[1][2]. There has been work >> already done to address some of

...anges since 1.7.29: Alexandre Julliard (10): iphlpapi: Avoid an uninitialized variable warning. gdi32: Check the hatch masks instead of the rop masks for the null and mask optimization case. xcopy: Avoid a potential out of bounds access. msvcp90: Add inline wrappers for the memcpy_s/memmove_s/mbstowcs_s functions. comdlg32: Use PathAddBackslash to avoid a compiler warning. write: Always append a backslash to the system directory. kernel32/tests: Use a pointer instead of an array to make gcc happy. cmd: Add a helper function to check if a path ends with...

...aban (12): mshtml: Use set_document_mode in process_document_response_headers. winhttp: Move cookie_t declaration to cookie.c. winhttp: Make cookie access thread safe. winhttp: Make accessing session credential handle thread safe. msvcrt: Use memmove to copy memory in wmemcpy_s. msvcrt: Use memmove to copy memory in memcpy_s. hostname: Use GetComputerNameW to get hostname. configure: Get rid of no longer used SOCKET_LIBS. mshtml: Support registry configuration for maximal allowed compatibility mode. mlang: Register codepages info in registry....

...ded implemenatation of _create_locale and _free_locale. msvcrt: Added _iswalpha_l implementation. msvcr80: Fix typo in msvcr80.spec. msvcr90: Forward ?_open@@YAHPBDHH at Z calls to _open. msvcr90: Added __clean_type_info_names_internal stub. msvcrt: Added memmove_s and memcpy_s implementation. msvcr90: Forward _calloc_crt to calloc. msvcr90: Forward _iswalpha_l calls to msvcrt. msvcrt: Change _create_locale implementation so generated structure is easier to modify. msvcrt: Change implementation of setlocale. msvcrt: Add helper function that r...