Fixing Warning C4996

akon47 2009. 1. 19. 13:22

When functions such as strcpy and strcat are used, VS2005 and VS2008 produce the warning below:

 

warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead.

To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

 

The following is from MSDN.

"Some CRT and Standard C++ Library functions have been deprecated in favor of new, more secure functions. For more information on the deprecated functions, see Security Enhancements in the CRT and Safe Libraries: Standard C++ Library."

 

Security Enhancements in the CRT

Significant enhancements have been made to make the CRT more secure.

Many CRT functions now have more secure versions.

If a new secure function exists, the older, less secure version is marked as deprecated and the new version has the _s ("secure") suffix.

For example, the strcpy function has no way of telling if the string that it is copying is too big for its destination buffer. However, its secure counterpart, strcpy_s, takes the size of the buffer as a parameter, so it can determine if a buffer overrun will occur. If you use strcpy_s to copy eleven characters into a ten-character buffer, that is an error on your part; strcpy_s cannot correct your mistake, but it can detect your error and inform you by invoking the invalid parameter handler.

 

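--- As a fix,

add #define _CRT_SECURE_NO_WARNINGS to a header file (before any CRT header is included), or declare #pragma warning(disable:4996).

Alternatively, go to "Project Properties (Alt + F7)" -> "Configuration Properties" -> "C/C++" -> "Preprocessor" and add _CRT_SECURE_NO_WARNINGS to the preprocessor definitions there.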

 

--- A better approach (just for reference, so you know this exists)

Many CRT functions have been deprecated in favor of newer, security-enhanced versions (for example, strcpy_s is the more secure replacement for strcpy). The CRT provides template overloads to help ease the transition to the more secure variants.

For example, this code generates a warning because strcpy is deprecated:

    char szBuf[10];
    strcpy(szBuf, "test"); // warning: deprecated

 

You can ignore the warning, define the symbol _CRT_SECURE_NO_WARNINGS to suppress the warning, or update the code to use strcpy_s:

    char szBuf[10];
    strcpy_s(szBuf, 10, "test"); // security-enhanced _s function

 

The template overloads provide additional choices. Defining _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES to be 1 enables template overloads of standard CRT functions that call the more secure variants automatically. If _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES is 1, then no changes to the code are necessary. Behind the scenes, the call to strcpy will be changed to a call to strcpy_s with the size argument supplied automatically.

    #define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES 1
    ...
    char szBuf[10];
    strcpy(szBuf, "test"); // ==> strcpy_s(szBuf, 10, "test")

 

_CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES does not affect the functions that take a count, such as strncpy. To enable template overloads for the count functions, define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_COUNT to be 1.

Before doing so, however, make sure that your code passes the count of characters, not the size of the buffer (a common mistake). Also, code that explicitly writes a null terminator at the end of the buffer after the function call is unnecessary if the secure variant is called. If you need truncation behavior, see _TRUNCATE.

Defining _CRT_SECURE_CPP_OVERLOAD_SECURE_NAMES to be 1 enables template overloads of the secure variants (names ending in "_s"). In this case, if _CRT_SECURE_CPP_OVERLOAD_SECURE_NAMES is 1, then one small change must be made to the original code:

    #define _CRT_SECURE_CPP_OVERLOAD_SECURE_NAMES 1
    ...
    char szBuf[10];
    strcpy_s(szBuf, "test"); // ==> strcpy_s(szBuf, 10, "test")

 

Only the name of the function needs to be changed (by adding "_s"); the template overload will take care of providing the size argument.

By default, _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES and _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_COUNT are defined as 0 (disabled) and _CRT_SECURE_CPP_OVERLOAD_SECURE_NAMES is defined as 1 (enabled).

Note that these template overloads only work for static arrays.

 

Dynamically allocated buffers require additional source code changes. Revisiting the above examples:

    #define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES 1
    ...
    char *szBuf = (char*)malloc(10);
    strcpy(szBuf, "test"); // still deprecated; have to change to
                           // strcpy_s(szBuf, 10, "test");

And this:

    #define _CRT_SECURE_CPP_OVERLOAD_SECURE_NAMES 1
    ...
    char *szBuf = (char*)malloc(10);
    strcpy_s(szBuf, "test"); // doesn't compile; have to change to
                             // strcpy_s(szBuf, 10, "test");

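In short, the defines above work when the buffer is statically allocated, but when it is dynamically allocated you have to add _s yourself.

The best approach is simply to get into the habit of writing the _s versions whenever you use CRT functions.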
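The size deduction behind these template overloads, and why it stops at pointers, as an added example that is not code from the original post or from Microsoft's CRT. bounded_copy is a hypothetical, portable stand-in for a size-checked copy such as strcpy_s; its error codes and the demo_* helper names are assumptions of this example.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical stand-in for a size-checked copy such as strcpy_s: it refuses
// to write when src plus its terminator does not fit in dst_size bytes.
int bounded_copy(char* dst, std::size_t dst_size, const char* src) {
    if (dst == nullptr || dst_size == 0) return EINVAL;
    if (src == nullptr) { dst[0] = '\0'; return EINVAL; }
    std::size_t len = std::strlen(src);
    if (len + 1 > dst_size) {        // would overrun: report instead of writing
        dst[0] = '\0';
        return ERANGE;
    }
    std::memcpy(dst, src, len + 1);  // copies the terminator too
    return 0;
}

// Overload in the style the page describes: N is deduced from the array type,
// so the caller never passes (or mistypes) the size.
template <std::size_t N>
int bounded_copy(char (&dst)[N], const char* src) {
    return bounded_copy(dst, N, src);
}

int demo_static_fits()    { char buf[10]; return bounded_copy(buf, "test"); }
int demo_static_overrun() { char buf[10]; return bounded_copy(buf, "0123456789"); }

int demo_heap() {
    const std::size_t cap = 10;
    char* p = static_cast<char*>(std::malloc(cap));
    if (p == nullptr) return ENOMEM;
    // bounded_copy(p, "test");  // does not compile: a char* carries no size
    int rc = bounded_copy(p, cap, "test");  // allocation size, not sizeof(p)
    std::free(p);
    return rc;
}

int main() {
    std::printf("%d %d %d\n", demo_static_fits(), demo_static_overrun(), demo_heap());
    return 0;
}
```

With a heap buffer the size has to travel alongside the pointer; passing sizeof(p) would give the pointer's size, not the allocation's.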

