Slashdot Mirror


Microsoft To Banish Memcpy()

kyriacos notes that Microsoft will be adding memcpy() to its list of function calls banned under its secure development lifecycle. This reader asks, "I was wondering how advanced C/C++ programmers view this move. Do you find this having a negative impact on the flexibility of the language, and do you think it will restrict the creativity of the programmer?"

7 of 486 comments (clear)

  1. malloc() and free() by Anonymous Coward · · Score: 5, Funny

    Those are also dangerous functions. And also array indexing! That should also be eliminated.

  2. First they take my gets.. by adonoman · · Score: 5, Funny

    First they came for gets, then they took scanf and strcpy, now they want memcpy? Outrageous! How are virus writers going to be able to take advantage of buffer overflows if I'm continuously keeping track of how big my buffers are? I may have to start lying about their size just to give hackers a chance.

    1. Re:First they take my gets.. by Anonymous Coward · · Score: 5, Funny

      First they came for gets, And I didn't speak up because I didn't use gets
      Then they came for scanf, And I didn't speak up because I didn't use scanf
      Then they came for strcpy, And I didn't speak up because I didn't use strcpy
      And then... they came for memcpy... And by that time there was no one left to speak up.

  3. the worst offender is main() by JeanBaptiste · · Score: 5, Funny

    Most any security problem can be traced back to this function.

    1. Re:the worst offender is main() by Khashishi · · Score: 4, Funny

      you mean WinMain()

  4. The goto threat == Raptors by beathach · · Score: 4, Funny

    Foolish mammal, they cannot be defeated so easily. http://xkcd.com/292/

  5. Re:No - there are plenty of safer alternatives by James+Skarzinskas · · Score: 5, Funny

    In an effort to "one-up" Microsoft, Apple promises to replace their own memcpy() with one that not only does not require a size for the destination buffer, but does not require a destination buffer at all. While Apple programmers call the move "totally pointless" and "absolute proof of functional retardation", Steve Jobs has simply responded, sagely, that the future of Apple development is through so-called "intuitive APIs". It just works.