Home » Linux, mICROSOFT, Programming, Security, Windows

Microsoft programmers start banning memcpy on their products

30 May 2009 One Comment

Memcpy is the fastest way to copy one chunk of memory to another. But right now Microsoft is banning memcpy function from their products. memcpy over the years was responsable for a lot of security problems in Microsoft products, but the main problem of this function was the programmer. The approach of this function was to provide us a very fast way to copy a chunk of memory to another and it succeed over the years, but passing bad variables to it is the programmer fault not the function itself.

I was just curious how many times memcpy appears in linux kernel source ( code and I just run following command to find out

find . -name *.[hcS] -not -regex ‘./.git.*’ | xargs cat | grep memcpy | wc -l

And the result was

A lot of possible bugs … then why Linus doesn’t ban this function from the Linux kernel?

Beside that Microsoft also ban : RtlCopyMemory, CopyMemory.

From msdn site: http://blogs.msdn.com/sdl/archive/2009/05/14/please-join-me-in-welcoming-memcpy-to-the-sdl-rogues-gallery.aspx

Now developers who want to be SDL compliant will should replace memcpy() functions with memcpy_s, that takes an additional parameter defining the size of the destination buffer. But my Question is: what if happens if all parametres are wrong ? You can only check the consistency of 2 arguments … and memcpy_s it seems is 3 times slower.

In the article from msdn site posted by sdl we have some hints how to write our code SDL compliant.

#pragma deprecated (memcpy, RtlCopyMemory, CopyMemory)

in your header files and at compile time you should see something like

warning C4995: ‘memcpy’: name was marked as #pragma deprecated

Also you can ban this on GCC compilers in this way:

#pragma GCC poison memcpy RtlCopyMemory CopyMemory

Happy Coding !

One Comment »

  • Twitted by cloroman (author) said:

    […] This post was Twitted by cloroman – Real-url.org […]

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.