ISO/IEC JTC1/SC22/WG14 N1049

WG14 N1049

SUGGESTED CHANGES TO N1031
SECURE C LIBRARY FUNCTIONS

P.J. Plauger
Dinkumware, Ltd.
pjp@dinkumware.com

----------- FIRST BATCH ----------

<stdio.h>

-- gets_s should take a size_t length argument, not an int

-- gets_s should describe what happens if n <= 0

-- gets_s should always store a null character

<stdlib.h>

-- should define RAND_MAX_S, not RAND_S_MAX (see TMP_MAX_S)

-- should define additional overloads for bsearch_s and
qsort_s in C++, in parallel with bsearch and qsort

<string.h>

-- should define errno_t as int

-- should use errno_t for return values of functions that
return error code, and for error code argument to strerror_s

-- should rename strtok_r as strtok_s

<time.h>

-- should define errno_t as int

-- should use errno_t for return values of functions that
return error code

-- should add gmtime_s and localtime_s, each with a
struct tm * first argument

<wchar.h>

-- wcslen_s should take a size_t length argument, not an int


----------- SECOND BATCH ----------

<stdio.h>

-- should define errno_t as int

-- tmpnam_s documentation should compare the length of the
filename to maxsize-1, not maxsize.

-- scanf should add an optional .prec after the width, where prec
is either a decimal number or a * (to read a size_t argument).
The default prec is (size_t)(-1). For the c, s and [ conversions,
prec specifies the maximum number of elements to store in the array
pointed to by the argument, including any terminating null
character. If not all consumed characters can be stored, the
conversion will fail.

-- scanf_s should be the same, except that default prec is
zero. (Hence it must be specified or the conversion will
always fail.)
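As an added illustration (example code, not part of N1049 or of any library), a C function that applies the proposed precision rule to a single s conversion read from a string; the name scan_s_prec, its parameters and the check_case helper are assumptions made for the example:

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Scan one %[width].[prec]s field from the string `in` under the proposed
 * rule: prec is the number of elements available in `out`, including the
 * terminating null, and the conversion fails (storing nothing) if the
 * consumed field does not fit.  width == 0 means no width was given;
 * prec == (size_t)-1 is the plain scanf default, prec == 0 the scanf_s
 * default.  *endp receives the position just after the consumed field.
 * Returns 1 on a successful conversion, 0 on failure. */
int scan_s_prec(const char *in, size_t width, size_t prec,
                char *out, const char **endp)
{
    const char *p = in;
    size_t n = 0;

    /* %s skips leading white space, then reads until white space,
       end of input, or the field width is reached. */
    while (isspace((unsigned char)*p))
        p++;
    while (*p != '\0' && !isspace((unsigned char)*p)
           && (width == 0 || n < width)) {
        p++; n++;
    }
    if (endp)
        *endp = p;
    if (n == 0)               /* no field at all: matching/input failure */
        return 0;
    if (n + 1 > prec)         /* field plus null does not fit in prec */
        return 0;             /* (always true for the scanf_s default 0) */
    memcpy(out, p - n, n);
    out[n] = '\0';
    return 1;
}

/* Helper for exercising the rule: runs one conversion into an 8-element
   array pre-filled with "xxxxxxx" and reports whether the outcome matches.
   expect_out == NULL means the conversion must fail and leave `buf` as is. */
int check_case(const char *in, size_t width, size_t prec,
               const char *expect_out, const char *expect_rest)
{
    char buf[8] = "xxxxxxx";
    const char *rest = in;
    int ok = scan_s_prec(in, width, prec, buf, &rest);
    if (strcmp(rest, expect_rest) != 0)
        return 0;
    if (expect_out == NULL)
        return ok == 0 && strcmp(buf, "xxxxxxx") == 0;
    return ok == 1 && strcmp(buf, expect_out) == 0;
}
```

With prec left at the scanf_s default of zero every call to scan_s_prec fails, which is the behaviour the second item above asks for.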

<string.h>

-- strlen_s should take a size_t length parameter, not an int


----------- THIRD BATCH ---------- 14 Nov 03

<time.h>

-- gmtime_s and localtime_s should return a struct tm *


----------- FOURTH BATCH --------- 11 Jan 04

<string.h>

-- gets_s should return a null pointer for a null pointer argument.

-- strncpy_s and strncat_s should return ERANGE for null pointer arguments.

-- strnlen_s should return zero for a null pointer argument.

<wchar.h>

-- wcsncpy_s and wcsncat_s should return ERANGE for null pointer arguments.

-- wcsnlen_s should return zero for a null pointer argument.

In general, the secure library functions should have defined, and safe,
semantics for null pointer arguments.