Am Donnerstag 03 Mai 2007 23:58 schrieb Tom Spear:
On 5/3/07, Marcus Meissner marcus@jet.franken.de wrote:
wine is not using gets() at all, insofar there is no risk from it.
That much I knew, however we do use strcpy (especially in msi), and that is another one that has been deprecated ("banned")..
Afair some time ago part of the code was using strncpy which has a destination size count and is sometimes considered safe because of that. The strncpy calls were removed some time ago. Not sure why, but I think thats because strncpy has tricky cavecats too, like not necessarily terminating the string with '\0'. I don't know about the _s APIs, but I guess they're not fool prove either and look like a sort of embrace and extend to me.
As for applications using the safe functions I think Frank is right and they are implemented in the visual studio specifc msvcrt dlls, thus wine doesn't have to implement them. My Visual Studio 6 doesn't know them.