惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hugging Face - Blog
Hugging Face - Blog
C
Cybersecurity and Infrastructure Security Agency CISA
G
Google Developers Blog
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
The GitHub Blog
The GitHub Blog
TaoSecurity Blog
TaoSecurity Blog
V
Visual Studio Blog
D
DataBreaches.Net
人人都是产品经理
人人都是产品经理
博客园 - Franky
S
Security @ Cisco Blogs
Hacker News - Newest:
Hacker News - Newest: "LLM"
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cyber Attacks, Cyber Crime and Cyber Security
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
T
Troy Hunt's Blog
B
Blog RSS Feed
A
About on SuperTechFans
IT之家
IT之家
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
J
Java Code Geeks
S
Securelist
T
Threatpost
SecWiki News
SecWiki News
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Y
Y Combinator Blog
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Forbes - Security
Forbes - Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
Docker
N
News and Events Feed by Topic
Schneier on Security
Schneier on Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
月光博客
月光博客
C
CXSECURITY Database RSS Feed - CXSecurity.com
罗磊的独立博客
H
Hacker News: Front Page
N
News and Events Feed by Topic
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
P
Privacy International News Feed
Scott Helme
Scott Helme
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
V
Vulnerabilities – Threatpost
The Register - Security
The Register - Security

博客园 - 今夜太冷

GPG(GnuPG)入门 Session variables lost after the call of Response.Redirect method c++中POD类型和non-POD类型 关于c++ template的branching和Recursion的一段很好的描述 How do I remove a particular element from an array in JavaScript? Get the client's IP address in socket.io 前端 使用 crypto-js 对数据进行对称加密 C++ delegate的几种方法 MFC更换窗口图标 boost::make_function_output_iterator报错: C4996 std::vector push_back报错Access violation Structured Exception Handling Catch a Memory Access Violation in C++ Windows上的字符转换之CP_ACP和CP_OEMCP Initialize a vector in C++ (5 different ways) MFC中使用ATL报错:error C4430: missing type specifier - int assumed. Note: C++ does not support default-int C++ WINDOWS下 wchar_t *和char * 相互转化总结篇 VS2008 编译出错 fatal error C1859: unexpected precompiled header error, simply rerunning the compiler might fix this problem 解析XML出错,无法创建DOMDocument对象
How to copy the contents of std::vector to c-style static array,safely?
今夜太冷 · 2018-08-28 · via 博客园 - 今夜太冷

[问题]

I am getting warning when using the std copy function.

I have a byte array that I declare.

byte *tstArray = new byte[length];

Then I have a couple other byte arrays that are declared and initialized with some hex values that i would like to use depending on some initial user input.

I have a series of if statements that I use to basically parse out the original input, and based on some string, I choose which byte array to use and in doing so copy the results to the original tstArray.

For example:

if(substr1 == "15")
{
   std::cout<<"Using byte array rated 15"<<std::endl;
   std::copy(ratedArray15,ratedArray15+length,tstArray);
} 

The warning i get is warning C4996: 'std::copy': Function call with parameters that may be unsafe - this call relies on the caller to check that the passed values are correct.

A possible solution is to to disable this warning is by useing -D_SCL_SECURE_NO_WARNINGS, I think. Well, that is what I am researching.

But, I am not sure if this means that my code is really unsafe and I actually needed to do some checking?

[回答1]

https://stackoverflow.com/questions/2321908/issue-with-using-stdcopy

C4996 means you're using a function that was marked as __declspec(deprecated). Probably using D_SCL_SECURE_NO_WARNINGS will just #ifdef out the deprecation. You could go read the header file to know for sure.

But the question is why is it deprecated? MSDN doesn't seem to say anything about it on the std::copy() page, but I may be looking at the wrong one. Typically this was done for all "unsafe string manipulation functions" during the great security push of XPSP2. Since you aren't passing the length of your destination buffer to std::copy, if you try to write too much data to it it will happily write past the end of the buffer.

To say whether or not your usage is unsafe would require us to review your entire code. Usually there is a safer version they recommend when they deprecate a function in this manner. You could just copy the strings in some other way. This article seems to go in depth. They seem to imply you should be using a std::checked_array_iterator instead of a regular OutputIterator.

Something like:

stdext::checked_array_iterator<char *> chkd_test_array(tstArray, length);
std::copy(ratedArray15, ratedArray15+length, chkd_test_array);

(If I understand your code right.)

[回答2]

https://stackoverflow.com/questions/633549/how-to-copy-the-contents-of-stdvector-to-c-style-static-array-safely

The problem is that you're adding things to the vector so it ends up with more elements than were in the myarr array that you initialized it with.

If you want to copy the vector back into the array, you'll need to size it down:

myvec.resize( MAX_SIZE);

Or you could limit the number of elements you copy back:

copy( myvec.begin(), myvec.begin()+MAX_SIZE, myarr);

If you want the myarr array to contain all the elements, then it needs to be larger than MAX_SIZE, and you've found out why people suggest to use vector rather than raw arrays (vectors know how to grow, arrays do not).

Note that while you don't want 'Any answer that resembles:"You use c++, drop the c style array implementation. Use only vector for all array implementation"', you can often get away with using a vector and passing &myvec[0] to routines that expect a raw array. vector is required to store its elements contiguously just like a raw array for just this reason.

Since you're getting the 'unsafe operation' warning, you're using Microsoft's compiler. To fix the problem safely, you're supposed to use the checked_copy algorithm instead of copy. As Evgeny Lazin indicates, you can create a checked iterator for your array to pass to the checked_copyalgorithm.

Other options to make the copy safe that do not require Microsoft extensions would be to wrap the array in a class (possibly templated) that keeps track of the array size and provides methods to copy data into the array in a safe manner. Something like STLSoft's array_proxy template orBoost's boost::array might help.