Saying Goodbye to an Old Friend

I recently read this article regarding security changes to the C/C++ ANSI standard in order to improve overall behaviour and programming issues when dealing with memory overruns and potential malicious use of the Runtime library functions.

[EDIT] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure03102004.asp

Anyway, it was only until after starting to use the Microsoft C++ 2005 Express Beta 2 system that these changes had already been implemented in the runtime library.  This of course surprised me, as I had to make changes to my existing code in order to get the source to compile.  I read the PDF document which outlines these changes to be submitted to the standards committee.  One of the changes I thought needs revising:

On page 10, section 3.3.1 - Pseudo-random sequence generation functions, it is outlined that a new macro - RAND_S_MAX is to be added to the library which defines the maximum value that rand_s will return.  Why has this macro been defined?  I was under the distinct impression that RAND_MAX was already defined.  Also, because of the naming convention applied to the other macros defined in the document, for example (Page 4) - TMP_MAX_S, would it be more appropriate to keep this naming convention and change RAND_S_MAX to RAND_MAX_S?  This would only then require a programmer to change existing occurrences of the macro in their code by adding _S to the macro.

This is merely an observation and is in no way intended to start a full blown discussion on the matter, but just so happened to be the first thing that popped into my mind when I scanned through the PDF document.

Cheers.

Paul.



  • Henrik Goldman

    Ahha, I see the reason for the given name now.  Although I was still unsure about the RAND_MAX constant being changed as this would be defined in the standard headers, would it not?

    Quote: The name RAND_S_MAX was chosen because it is associated with the rand_s function:

    So, am I to understand then that the standard 'rand' function and the new 'rand_s' function could return different maximum bounded numbers?  So like RAND_MAX and RAND_S_MAX are to differ?

    Paul.


  • RYoung

    Paul: all the old CRT functions are still there: the proposed Technical Report only adds functions to the C Standard it does not remove anything (yet: they are "marked" as deprecated but Standards bodies very rarely completely remove anything).

    What you will see with Visual C++ 2005 is that you will, by default, get a warning if you use any of the insecure functions: this is because Visual C++ 2005 defines __STDC_WANT_SECURE_LIB__ by default. You can either just ignore these warnings, disable them by defining a macro (_CRT_SECURE_NO_DEPRECATE), or fix your code. In most cases the warning will tell you which function you should use.

  • Deepesh Bhanani

    Jonathan,

    Ok, I understand now.  Many thanks for your replies.  Ok, one more question.  Since this is an ongoing situation with regards to that document being proposed to the standards committee, are the original standards still implemented by the Visual C++ 2005 Express Beta 2 edition of the compiler?  By this, I mean that I do have quite a lot of code that was originally compiled under the GNU GCC compiler, and I'm currently moving it over to the Express edition compiler.  Will I need to make these changes to the source code to comply with the new _s functions etc.?  Or is it that the older functions are only deprecated if __USE_SECURE_LIB__ is defined?

    Again, many thanks.

    Paul.


  • kbiesbrock

    Hi Paul: RAND_S_MAX was introduced because it is possible on some systems that RAND_MAX and RAND_S_MAX would have different values: therefore we needed a separate macro.

    The name RAND_S_MAX was chosen because it is associated with the rand_s function: TMP_MAX_S is different as it is independent of any function.

  • PAsp

    That's great :).  I'll use the warnings as a way to slowly but eventually modify the code to reflect the new functions.

    Thanks for your help Jonathan.

    Paul.

  • Sam Thakkar

    Given any particular implementation of the CRT I would say that the chances of RAND_MAX and RAND_S_MAX being different are very low: but it is possible, and as this is an open Standards process we need to take that into account. Hence the two different macros.
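
The replies from kbiesbrock and Sam Thakkar say RAND_MAX and RAND_S_MAX may differ, so code that scales a random value has to use the limit that belongs to the function it called. The following is an added example, not code from the thread or from the CRT: `gen_fn`, `bounded`, `roll_die`, `src8` and `src16` are hypothetical names, and the two counter sources are constructed stand-ins for generators with different maxima.

```c
#include <stdint.h>
#include <stdlib.h>

/* Any source returning integers in [0, max]; the caller states max. */
typedef uint32_t (*gen_fn)(void);

/* Uniform value in [0, n) from a source whose range is [0, src_max].
 * Rejection sampling removes modulo bias. Returns -1 on bad arguments or
 * when the source yields a value above the maximum the caller declared. */
int64_t bounded(gen_fn gen, uint32_t src_max, uint32_t n)
{
    uint64_t range = (uint64_t)src_max + 1, limit, v;
    if (gen == NULL || n == 0 || n > range)
        return -1;
    limit = range - (range % n);      /* largest multiple of n that fits */
    do {
        v = gen();
        if (v > src_max)              /* limit does not belong to this source */
            return -1;
    } while (v >= limit);             /* discard the biased tail */
    return (int64_t)(v % n);
}

/* rand() is paired with RAND_MAX, never with another function's limit. */
static uint32_t from_rand(void) { return (uint32_t)rand(); }
int64_t roll_die(void) { return bounded(from_rand, RAND_MAX, 6) + 1; }

/* Constructed sources (assumption): counters cycling over 0..7 and 0..15. */
static uint32_t c8, c16;
static uint32_t src8(void)  { return c8++ % 8; }
static uint32_t src16(void) { return c16++ % 16; }

/* Twelve draws in [0, 3) from src8 with its own limit 7: tally per value. */
void tally3(int out[3])
{
    c8 = 0; out[0] = out[1] = out[2] = 0;
    for (int i = 0; i < 12; i++)
        out[bounded(src8, 7, 3)]++;
}

/* src16 paired with src8's limit: returns 1 once bounded() notices. */
int mismatch_detected(void)
{
    c16 = 0;
    for (int i = 0; i < 16; i++)
        if (bounded(src16, 7, 3) < 0)
            return 1;
    return 0;
}
```

The check inside `bounded` only catches a declared limit that is too small; a declared limit larger than the source's real maximum silently skews the result, which is why each generator needs its own macro.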
