You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Microsoft runtime library provides many routines that you can use to customize your app for international markets. This includes [locale-related routines](../c-runtime-library/locale.md), wide-character routines, multibyte-character routines, and generic-text routines.
12
+
The Microsoft runtime library provides many routines that you can use to customize your app for international markets such as:
For convenience, most locale-related routines are also categorized by what they do.
18
+
For convenience, most locale-related routines are also categorized by what they do.
15
19
16
-
In this section, and in the alphabetic reference, multibyte and wide-character routines are described along with their single-byte-character counterparts, when they exist.
20
+
Multibyte routines and wide-character routines are described alongside their single-byte-character counterparts, when they exist.
Many old CRT functions have newer, more secure versions. If a secure function exists, the older, less secure version is marked as deprecated and the new version has the `_s` ("secure") suffix.
13
13
14
-
In this context, "deprecated" means that using the function's isn't recommended. It doesn't mean that the function is scheduled to be removed from the CRT.
14
+
In this context, "deprecated" means using the function's isn't recommended. It doesn't mean the function is scheduled to be removed from the CRT.
15
15
16
-
The secure functions don't prevent or correct security errors. Instead, they catch errors when they occur. They perform additional checks for error conditions, and in the case of an error, they invoke an error handler (see [Parameter Validation](../c-runtime-library/parameter-validation.md)).
16
+
The secure functions don't prevent or correct security errors. Instead, they catch errors when they occur. They do additional checks for error conditions. If there is an error, they invoke an error handler (see [Parameter Validation](../c-runtime-library/parameter-validation.md)).
17
17
18
-
For example, the `strcpy` function has no way of telling if the string that it's copying is too large for its destination buffer. However, its secure counterpart, `strcpy_s`, takes the size of the buffer as a parameter, so it can determine if a buffer overrun will occur. If you use `strcpy_s` to copy 11 characters into a 10 character buffer, that is an error on your part; `strcpy_s`cannot correct your mistake. But it can detect your error and inform you by invoking the invalid parameter handler.
18
+
For example, the `strcpy` function can't tell if the string it's copying is too large for the destination buffer. Its secure counterpart, `strcpy_s`, takes the size of the buffer as a parameter. So it can determine if a buffer overrun will occur. If you use `strcpy_s` to copy 11 characters into a 10 character buffer, that is an error on your part; `strcpy_s`can't correct your mistake. But it can detect your error and inform you by invoking the invalid parameter handler.
19
19
20
20
## Eliminating deprecation warnings
21
21
22
22
There are several ways to eliminate deprecation warnings for the older, less secure functions. The simplest is simply to define `_CRT_SECURE_NO_WARNINGS` or use the [warning](../preprocessor/warning.md) pragma. Either will disable deprecation warnings, but the security issues that caused the warnings still exist. It's better to leave deprecation warnings enabled and take advantage of the new CRT security features.
23
23
24
-
In C++, the easiest way to do that is to use [Secure Template Overloads](../c-runtime-library/secure-template-overloads.md). This will eliminate deprecation warnings in many cases by replacing calls to deprecated functions with calls to the secure versions of those functions. For example, consider this deprecated call to `strcpy`:
24
+
In C++, the easiest way to do that is to use [Secure Template Overloads](../c-runtime-library/secure-template-overloads.md). This will eliminate deprecation warnings, in many cases, by replacing calls to deprecated functions with calls to secure versions of those functions. For example, consider this deprecated call to `strcpy`:
25
25
26
26
```
27
27
char szBuf[10];
@@ -36,7 +36,7 @@ Another source of deprecation warnings, unrelated to security, is the POSIX func
36
36
37
37
## Additional Security Features
38
38
39
-
Some of the security features include the following:
39
+
Some of the security features include:
40
40
41
41
-`Parameter Validation`. Secure functions, and many of their unsecure counterparts, validate parameters. Validation may include:
42
42
@@ -46,13 +46,13 @@ Some of the security features include the following:
46
46
47
47
- For more information, see [Parameter Validation](../c-runtime-library/parameter-validation.md).
48
48
49
-
- A handler for invalid parameters is also accessible to the developer. When an invalid parameter is encountered, instead of asserting and exiting the application, the CRT provides a way to check these problems via [_set_invalid_parameter_handler, _set_thread_local_invalid_parameter_handler](../c-runtime-library/reference/set-invalid-parameter-handler-set-thread-local-invalid-parameter-handler.md).
49
+
- A handler for invalid parameters is also accessible to the developer. When a function encounters an invalid parameter, instead of asserting and exiting the application, the CRT allows you to check these problems via [_set_invalid_parameter_handler, _set_thread_local_invalid_parameter_handler](../c-runtime-library/reference/set-invalid-parameter-handler-set-thread-local-invalid-parameter-handler.md).
50
50
51
-
-`Sized Buffers`. Any secure function that writes to a buffer, require that you pass the buffer size. The secure versions validate that the buffer is large enough before writing to it, which helps avoid dangerous buffer overrun errors that could allow malicious code to execute. These functions usually return an `errno` error code and invoke the invalid parameter handler if the size of the buffer is too small. Functions that read from input buffers, such as `gets`, have secure versions that require you to specify a maximum size.
51
+
-`Sized Buffers`. You must pass the buffer size to any secure function that writes to a buffer. The secure versions validate that the buffer is large enough before writing to it. Which helps avoid dangerous buffer overrun errors that could allow malicious code to execute. These functions usually return an `errno` error code and invoke the invalid parameter handler if the size of the buffer is too small. Functions that read from input buffers, such as `gets`, have secure versions that require you to specify a maximum size.
52
52
53
53
-`Null termination`. Some functions that left potentially non-terminated strings have secure versions, which ensure that strings are properly null-terminated.
54
54
55
-
-`Enhanced error reporting`. The secure functions return error codes with more error information than was available with the preexisting functions. The secure functions and many of the preexisting functions now set `errno` and often return an `errno` code type as well, to provide better error reporting.
55
+
-`Enhanced error reporting`. The secure functions return error codes with more error information than was available with the pre-existing functions. The secure functions and many of the pre-existing functions now set `errno` and often return an `errno` code type as well, to provide better error reporting.
56
56
57
57
-`Filesystem security`. Secure file I/O APIs support secure file access in the default case.
0 commit comments