Microsoft programmers start banning memcpy on their products
Memcpy is the fastest way to copy one chunk of memory to another. But right now Microsoft is banning memcpy function from their products. memcpy over the years was responsable for a lot of security problems in Microsoft products, but the main problem of this function was the programmer. The approach of this function was to provide us a very fast way to copy a chunk of memory to another and it succeed over the years, but passing bad variables to it is the programmer fault not the function itself.
I was just curious how many times memcpy appears in linux kernel source (126.96.36.199) code and I just run following command to find out
find . -name *.[hcS] -not -regex ‘./.git.*’ | xargs cat | grep memcpy | wc -l
And the result was
A lot of possible bugs … then why Linus doesn’t ban this function from the Linux kernel?
Beside that Microsoft also ban : RtlCopyMemory, CopyMemory.
From msdn site: http://blogs.msdn.com/sdl/archive/2009/05/14/please-join-me-in-welcoming-memcpy-to-the-sdl-rogues-gallery.aspx
Now developers who want to be SDL compliant will should replace memcpy() functions with memcpy_s, that takes an additional parameter defining the size of the destination buffer. But my Question is: what if happens if all parametres are wrong ? You can only check the consistency of 2 arguments … and memcpy_s it seems is 3 times slower.
In the article from msdn site posted by sdl we have some hints how to write our code SDL compliant.
#pragma deprecated (memcpy, RtlCopyMemory, CopyMemory)
in your header files and at compile time you should see something like
warning C4995: ‘memcpy’: name was marked as #pragma deprecated
Also you can ban this on GCC compilers in this way:
#pragma GCC poison memcpy RtlCopyMemory CopyMemory
Happy Coding !