简体繁体 English

SystemC错误，使用Visual C ++ 2008

[英]SystemC error, using visual c++ 2008

原文 2012-01-28 01:21:37 0 2 c++/ vhdl/ hdl/ systemc/ secure-coding

I am using systemC with visual C++ 2008. I wrote a simple hello world program. 我在Visual C ++ 2008中使用systemC。我编写了一个简单的hello world程序。 However I am getting this error repeatedly: 但是我反复收到此错误：

warning C4996: 'sprintf': This function or variable may be unsafe. 警告C4996：'sprintf'：此函数或变量可能不安全。

Why this is happening? 为什么会这样呢？ I would appreciate any help. 我将不胜感激任何帮助。

2 个解决方案

The compiler warns against sprintf() use because it may cause buffer overflow since it doesn't check buffer's limit. 编译器警告不要使用sprintf()因为它可能会由于不检查缓冲区限制而导致缓冲区溢出。 Instead, use snprintf() which never fills the buffer beyond the passed-in limit. 而是使用snprintf()来填充缓冲区，永远不要超出传入的限制。

This advice is also given by the manpage : 联机帮助页也提供了此建议：

Because sprintf() and vsprintf() assume an arbitrarily long string, callers must be careful not to overflow the actual space; 因为sprintf（）和vsprintf（）假定使用任意长的字符串，所以调用者必须注意不要溢出实际空间。 this is often impossible to assure. 这通常是无法保证的。 Note that the length of the strings produced is locale-dependent and difficult to predict. 请注意，生成的字符串的长度与语言环境有关，并且难以预测。 Use snprintf() and vsnprintf() instead (or asprintf(3) and vasprintf(3)). 请改用snprintf（）和vsnprintf（）（或asprintf（3）和vasprintf（3））。

It's insecure because - From MSDN 这是不安全的，因为- 来自MSDN

There is no way to limit the number of characters written, which means that code using sprintf is susceptible to buffer overruns. 无法限制写入的字符数，这意味着使用sprintf的代码容易受到缓冲区溢出的影响。 Consider using the related function _snprintf, which specifies a maximum number of characters to be written to buffer, or use _scprintf to determine how large a buffer is required. 考虑使用相关的函数_snprintf，该函数指定要写入缓冲区的最大字符数，或者使用_scprintf来确定需要多大的缓冲区。 Also, ensure that format is not a user-defined string. 另外，请确保格式不是用户定义的字符串。