[Insight-developers] Policy regarding insecure APIs like strcpy() and sprintf()? Phase out?
Sean McBride
sean at rogue-research.com
Wed May 20 20:15:11 EDT 2009
On 5/20/09 7:23 PM, Bill Lorensen said:
>It would be a great project to remove the old c-style string routines
>and move to std::string and portable string stream. I think this
>should be possible, but I don't know how much work it would take.
Probably a lot. :( The most difficult part will be when a change to the
public API is needed. Like the example I gave: DICOMAppHelper.h uses
strcpy() and in fact propagates its insecurity:
void GetPatientName(char* name)
{
  strcpy(name, m_PatientName);
}
One possibility is:
void GetPatientName(char* name, size_t bufferlen)
{
  strlcpy(name, m_PatientName, bufferlen);
}
Another:
std::string* GetPatientName(void)
{
  // create new std::string, copy PatientName into it
  return new std::string(m_PatientName);
}
--
____________________________________________________________
Sean McBride, B. Eng sean at rogue-research.com
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada