Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
A year ago, I wrote a short post about us banning memcpy in the SDL for new code. Well, I’m happy to announce that in VC++ 2010, we have made it much easier to remove potentially insecure calls to memcpy and replace them with more secure calls to memcpy_s; it’s automagic, just like we do did for other banned functions!
As I said in a previous post, I am a huge fan of adding defenses to code automatically, and making such changes as easy as possible for software engineers, and this auto-migration is a great example.
In short, if your code has a call to memcpy, and the compiler can determine the destination buffer size at compile time, the compiler will replace the call to memcpy with a call to memcpy_s.
For example, if you compile the code below with:
cl /D_CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_MEMORY=1 foo.cpp
#include <memory.h>
int main() {
int src[100]; const size_t src_size = _countof(src) * sizeof(int);
memset(src, 12, src_size);
const size_t dst_size_int = _countof(src); int dst[dst_size_int];
memcpy(dst, src, src_size);
return 0;
}
You’ll see that the calls to memcpy are replaced with memcpy_s courtesy of this code in memory.h:
#if defined(__cplusplus) && _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_MEMORY
extern "C++" {
#ifndef _CRT_ENABLE_IF_DEFINED
#define _CRT_ENABLE_IF_DEFINED
template<bool _Enable, typename _Ty>
struct _CrtEnableIf;
template<typename _Ty>
struct _CrtEnableIf<true, _Ty>
{
typedef _Ty _Type;
};
#endif
template <size_t _Size, typename _DstType>
inline
typename _CrtEnableIf<(_Size > 1), void *>::_Type __cdecl memcpy(_DstType (&_Dst)[_Size], _In_opt_bytecount_(_SrcSize) const void *_Src, _In_ size_t _SrcSize) _CRT_SECURE_CPP_NOTHROW
return memcpy_s(_Dst, _Size * sizeof(_DstType), _Src, _SrcSize) == 0 ? _Dst : 0;
Note that for this to work, you must define a preprocessor variable:
_CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_MEMORY = 1
This is another great example of why migrating your C++ code to Visual C++ 2010 can help improve the security of the code with virtually no engineering effort.
(Big thanks to the C++ folks over in the Developer Division for getting this work done in time for VC++ 2010)
- Michael