The March 2008 issue of MSDN Magazine includes a nice article about protecting your C/C++ programs. You can check out the article at http://msdn2.microsoft.com/en-us/magazine/cc337897.aspx.
Visual C++ Team
Thanks for interesting article. I agree that a bunch of buffer overrun/security functionality has been added into the VC++ toolsets - and it's good to see a concise overview in one article. I value both the toolset functionality and article. Thanks.
On the VC++ consumer side (which is where I've always been), I see developers not taking enough responsibility in their own code. Case in point: too much code forgoes a tried-and-true string class (MFC CString, STL string, etc..) and instead roll-your-own-buggy-string, or worse yet: copy and paste parts of string manipulation logic (TCHAR + malloc, realloc, etc) all about the code base.
I agree there are situations where something like CString is: not the best idea, won't work, your code predates CString, or you have millions of lines of legacy code that won't be refactored anytime soon. And, there may be situations requiring a custom string class. But, I believe, too often a proven and reusable string class is simply not used: just because. My take: when possible, developers and architects should try harder to use reusable string classes. There isn't much overhead in CString, and if you pass it by pointer or reference, there’s no copy cost. Plus you get a bunch of built in functionality. Having used CString for the past eight years, I can safely say my code is more maintainable, safer and more extendable. I still occasionally need to call CString::GetBufferSetLength, or use TCHARs, but in new code I use CString about 99.9% of the time. (hey, I’ve evolved)
This comment is not an action item for the VC++ team – it's just my opinion on the same topic for other VC++ consumers.
Code reviews find most of the overruns or roll your own string class problems.
Quite often, the developer does not even know that the problems exist and/or that a particular well known basic class (e.g., string) exists.
We see this on both the C++ side and the C#/VB.NET side.
Code reviews often illuminate nonsensical use of OOP language features such as rolling your own non-static class for what essentially is a 2 or 3 static method set of function calls.
It's great to get a properly written article.
Which makes me wonder: why can't the blogs be written to a higher standard? I know it's supposed to be a kind of "log" thing, not a book excerpt, but sometimes the longer blog entries lack structure, or contain incorrect grammar, and sometimes even ambiguous language that leaves the reader unsure if the writer *really* meant to say what they just did.
C'mon, VC++ team, raise the bar. Team-review work before it's published and improve yourselves and others!