[go: up one dir, main page]
Menu

#46 warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead.

N-A
closed-fixed
Piotr Fusik
None
7
2026-01-24
2026-01-15
Peter Dell
No

Warning in VS 2026 with toolset v145

_tcscpy(wav_filename + filenameChars, _T("wav"));

1>C:\jac\system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\wasap.c(417,2): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

Discussion

  • Piotr Fusik

    Piotr Fusik - 2026-01-17
    • status: open --> closed-wont-fix
    • assigned_to: Piotr Fusik
     

  • Piotr Fusik

    Piotr Fusik - 2026-01-17

    This is not a bug. MSVC's warning says "may be unsafe".

    For many years, MSVC did not implement C99 - one had to stick to C89. Then they push for using these C11 functions which provide dubious safety - you need to pass the number of available characters.

    I switched from MSVC to MinGW many years ago. Since you have already MSYS2 (for perl), installing MinGW GCC is as easy as:

    pacman -S make mingw-w64-i686-gcc mingw-w64-x86_64-gcc

    Then:

    make win32/wasap.exe
     

  • Piotr Fusik

    Piotr Fusik - 2026-01-17
    • status: closed-wont-fix --> closed-fixed
     

  • Piotr Fusik

    Piotr Fusik - 2026-01-17

    Ok, I fixed some buffer overflows with malicious long filenames.
    MSVC may still complain about "unsafe" functions, but I don't care.

     

  • Peter Dell

    Peter Dell - 2026-01-18

    I've added the _CRT_SECURE_NO_WARNINGS; define the project and the "unsafe" warnings are gone. But these two are still there and look valid to me:

    C:\jac\system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\asap.c(2813,24): warning C4267: 'initializing': conversion from 'size_t' to 'int', possible loss of data
    1>C:\jac\system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\asap.c(3991,10): warning C4996: 'strdup': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strdup. See online help for details.

    system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\asap.c(4448,22): warning C4267: 'initializing': conversion from 'size_t' to 'int', possible loss o

     

  • Piotr Fusik

    Piotr Fusik - 2026-01-18

    C:\jac\system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\asap.c(2813,24): warning C4267: 'initializing': conversion from 'size_t' to 'int', possible loss of data
    system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\asap.c(4448,22): warning C4267: 'initializing': conversion from 'size_t' to 'int', possible loss o

    I will handle these. For now, just don't pass filenames consisting of over two billion characters. ;)

    C:\jac\system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\asap.c(3991,10): warning C4996: 'strdup': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strdup. See online help for details.

    That is old days' Microsoft vs the rest of the world. The only SDK I know that didn't have strdup was early 2000s Windows Mobile - I remember I had to provide a (trivial) replacement for the missing strdup. C23 finally has it officially: https://en.cppreference.com/w/c/string/byte/strdup.html

     

  • Piotr Fusik

    Piotr Fusik - 2026-01-24

    C:\jac\system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\asap.c(2813,24): warning C4267: 'initializing': conversion from 'size_t' to 'int', possible loss of data
    system\Windows\Programming\Repositories\RASTER-Music-Tracker\src\asap.c(4448,22): warning C4267: 'initializing': conversion from 'size_t' to 'int', possible loss o

    Fixed now.

     

Log in to post a comment.