diff options
author | Jan Vorlicek <janvorli@microsoft.com> | 2016-11-21 16:22:45 +0100 |
---|---|---|
committer | Jan Kotas <jkotas@microsoft.com> | 2016-11-21 07:22:45 -0800 |
commit | 716cb7ea87e40abb4b106df55af7ff4666170296 (patch) | |
tree | 512ecfde277f7257c8f883715ba0b2596e415db5 /src/nativeresources | |
parent | 3c3ab1a269a48b81c2a57e55da76b7e5f0f24eb9 (diff) | |
download | coreclr-716cb7ea87e40abb4b106df55af7ff4666170296.tar.gz coreclr-716cb7ea87e40abb4b106df55af7ff4666170296.tar.bz2 coreclr-716cb7ea87e40abb4b106df55af7ff4666170296.zip |
Remove unsafe banned functions (#8162)
This change removes _snwprintf, _snprintf and _vsnwprintf usage from CoreCLR and
their implementations from PAL.
PAL exposes their secure variants instead and CoreCLR now uses those instead.
I have also removed the StringCchPrintfA/W, StringCchVPrintfA/W, StringCbVPrintfA/W,
StringCbPrintfA/W, StringCbPrintfExA/W, StringCchVPrintfExA/W, StringCbVPrintfExA/W
and StringCchPrintfExA/W replaced their usage by the secure variants of the sprintf
functions, since they were used at only few places and implementing all of the variants
using the secure sprintf variants would be a hassle.
I also needed to fix a missing support for size modifiers for %p formatting character
and for wide characters / strings in the secure sprintf functions that was revealed
by the PAL tests.
I have also removed a bunch of PAL tests that were using %n formatting character which
was not implemented since it is considered unsafe and translated PAL tests that were using
the removed functions to use the safe variants of those.
Diffstat (limited to 'src/nativeresources')
-rw-r--r-- | src/nativeresources/resourcestring.cpp | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/nativeresources/resourcestring.cpp b/src/nativeresources/resourcestring.cpp index 13d5aeeef9..236a2a3ca7 100644 --- a/src/nativeresources/resourcestring.cpp +++ b/src/nativeresources/resourcestring.cpp @@ -42,11 +42,11 @@ int LoadNativeStringResource(const NativeStringResourceTable &nativeStringResour else { // The resource ID wasn't found in our array. Fall back on returning the ID as a string. - len = _snwprintf(szBuffer, iMax - 1, W("[Undefined resource string ID:0x%X]"), iResourceID); - if ((len < 0) || (len == (iMax - 1))) - { - // Add string terminator if the result of _snwprintf didn't fit the buffer. - szBuffer[iMax - 1] = W('\0'); + len = _snwprintf_s(szBuffer, iMax, _TRUNCATE, W("[Undefined resource string ID:0x%X]"), iResourceID); + if (len < 0) + { + // The only possible failure is that that string didn't fit the buffer. So the buffer contains + // partial string terminated by '\0' len = iMax - 1; } } |