Microsoft To Banish Memcpy()

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

Microsoft To Banish Memcpy() 486

Posted by kdawson on Friday May 15, 2009 @11:26AM from the good-riddance dept.

kyriacos notes that Microsoft will be adding memcpy() to its list of function calls banned under its secure development lifecycle. This reader asks, "I was wondering how advanced C/C++ programmers view this move. Do you find this having a negative impact on the flexibility of the language, and do you think it will restrict the creativity of the programmer?"

This discussion has been archived. No new comments can be posted.

Microsoft To Banish Memcpy()

Search 486 Comments Log In/Create an Account

Comments Filter:

malloc() and free() (Score:5, Funny)

by Anonymous Coward writes: on Friday May 15, 2009 @11:30AM (#27967373)

Those are also dangerous functions. And also array indexing! That should also be eliminated.

Share
twitter facebook
Python is done (Score:4, Funny)

by sunami ( 751539 ) writes: on Friday May 15, 2009 @11:30AM (#27967379)

Figures, Microsoft had to go kill of python and do it all in the name of security. No more accessing MEMory in C structures from our .PY files, damn it this really pisses me off.

Share
twitter facebook
First they take my gets.. (Score:5, Funny)

by adonoman ( 624929 ) writes: on Friday May 15, 2009 @11:33AM (#27967459)

First they came for gets, then they took scanf and strcpy, now they want memcpy? Outrageous! How are virus writers going to be able to take advantage of buffer overflows if I'm continuously keeping track of how big my buffers are? I may have to start lying about their size just to give hackers a chance.

Share
twitter facebook
the worst offender is main() (Score:5, Funny)

by JeanBaptiste ( 537955 ) writes: on Friday May 15, 2009 @11:40AM (#27967589)

Most any security problem can be traced back to this function.

Parent Share
twitter facebook
"memmove()" is safer than "memcpy()". (Score:2, Funny)

by reporter ( 666905 ) writes: on Friday May 15, 2009 @11:40AM (#27967593) Homepage

Though "memcpy()" is slightly faster than "memmove()", the latter is safer.
As Windows products are now (and have been) mainstream products used extensively in banks and other financial institutions, reliability and security (RS) have prime importance. The speed that "memcpy()" gets you is not worth the price of reduced RS.

Parent Share
twitter facebook
Re:A half-measure, at best... (Score:4, Funny)

by wampus ( 1932 ) writes: on Friday May 15, 2009 @11:42AM (#27967641)

So, Ben... or is it Peter? Do you always copy your comments verbatim from the linked article, or only when you agree with them?

Parent Share
twitter facebook
Re:the worst offender is main() (Score:5, Funny)

by Khashishi ( 775369 ) writes: on Friday May 15, 2009 @12:08PM (#27968189) Journal

you mean WinMain()

Parent Share
twitter facebook
Re:First they take my gets.. (Score:5, Funny)

by Anonymous Coward writes: on Friday May 15, 2009 @12:12PM (#27968267)

First they came for gets, And I didn't speak up because I didn't use gets
Then they came for scanf, And I didn't speak up because I didn't use scanf
Then they came for strcpy, And I didn't speak up because I didn't use strcpy
And then... they came for memcpy... And by that time there was no one left to speak up.

Parent Share
twitter facebook
elevator firmware runs Windows? (Score:2, Funny)

by Gary W. Longsine ( 124661 ) writes: on Friday May 15, 2009 @12:43PM (#27968861) Homepage Journal

Oh, stars above, what have we done...

Parent Share
twitter facebook
Quit kicking a dead horse and just use Ada (Score:1, Funny)

by Anonymous Coward writes: on Friday May 15, 2009 @12:59PM (#27969155)

Silly humans. Use Ada if you want to build something that works.

Share
twitter facebook
Re:No - there are plenty of safer alternatives (Score:4, Funny)

by buchner.johannes ( 1139593 ) writes: on Friday May 15, 2009 @01:51PM (#27969965) Homepage Journal

I'm not saying you can't get yourself into trouble with inappropriate use of memcpy(3), but buffer overruns aren't the go-to threat every time.
Didn't we already defeat the goto threat?
More to the point, if the developer doesn't know what memcpy does and how to use it correctly ... I mean ...
You might aswell write the 3 lines of code behind memcpy yourself.

Parent Share
twitter facebook
The goto threat == Raptors (Score:4, Funny)

by beathach ( 1441861 ) writes: on Friday May 15, 2009 @02:15PM (#27970355)

Foolish mammal, they cannot be defeated so easily. http://xkcd.com/292/ [xkcd.com]

Parent Share
twitter facebook
Re:malloc() and free() (Score:1, Funny)

by Anonymous Coward writes: on Friday May 15, 2009 @03:07PM (#27971065)

The more they make C++ "safe", the more it becomes like Java. The more they make Java "powerful", the more it becomes like C++.
If you fix everything that is "wrong" in Java, you get C++. If you fix everything that is "wrong" in C++, you get Java.
Funny how that works. It's as if one tool cannot be everything to everyone.

Parent Share
twitter facebook
Re:No - there are plenty of safer alternatives (Score:5, Funny)

by James Skarzinskas ( 518966 ) writes: on Friday May 15, 2009 @03:18PM (#27971189)

In an effort to "one-up" Microsoft, Apple promises to replace their own memcpy() with one that not only does not require a size for the destination buffer, but does not require a destination buffer at all. While Apple programmers call the move "totally pointless" and "absolute proof of functional retardation", Steve Jobs has simply responded, sagely, that the future of Apple development is through so-called "intuitive APIs". It just works.

Parent Share
twitter facebook
Re:Silly and useless (Score:3, Funny)

by harry666t ( 1062422 ) writes: <harry666t@DEBIANgmail.com minus distro> on Friday May 15, 2009 @04:02PM (#27971795)

> if (sizetocopy = sizeofdstbuffer)

ouch.

Parent Share
twitter facebook
Ban = operator also (Score:3, Funny)

by Safiire Arrowny ( 596720 ) writes: on Friday May 15, 2009 @04:16PM (#27971981) Homepage

If a developer can't do "if (sizetocopy = sizeofdstbuffer)"
Uh oh, we'd better ban the = operator too, so no one can mistake it for == in an if statement ever again.

Parent Share
twitter facebook
Re:Good. (Score:3, Funny)

by JustNiz ( 692889 ) writes: on Friday May 15, 2009 @06:08PM (#27973277)

Yes and yes. I've been a developer for over 30 years now(nearly all C or C++). How about you?

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Microsoft To Banish Memcpy() 486

Microsoft To Banish Memcpy() More Login

Microsoft To Banish Memcpy()

malloc() and free() (Score:5, Funny)

Python is done (Score:4, Funny)

First they take my gets.. (Score:5, Funny)

the worst offender is main() (Score:5, Funny)

"memmove()" is safer than "memcpy()". (Score:2, Funny)

Re:A half-measure, at best... (Score:4, Funny)

Re:the worst offender is main() (Score:5, Funny)

Re:First they take my gets.. (Score:5, Funny)

elevator firmware runs Windows? (Score:2, Funny)

Quit kicking a dead horse and just use Ada (Score:1, Funny)

Re:No - there are plenty of safer alternatives (Score:4, Funny)

The goto threat == Raptors (Score:4, Funny)

Re:malloc() and free() (Score:1, Funny)

Re:No - there are plenty of safer alternatives (Score:5, Funny)

Re:Silly and useless (Score:3, Funny)

Ban = operator also (Score:3, Funny)

Re:Good. (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot