Psychopathetica

Annoying 'swprintf': name was marked as #pragma deprecated warnings


I'm using VC++ 2010 and although my game works great, I'm getting 3 warnings after compiling I would like removed:

1>C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\include\string(757): warning C4995: 'swprintf': name was marked as #pragma deprecated
1>C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\include\string(766): warning C4995: 'swprintf': name was marked as #pragma deprecated
1>C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\include\string(775): warning C4995: 'swprintf': name was marked as #pragma deprecated

It's from using #include <string.h> I believe. How can I remove these warnings?


Don't use swprintf; it is a very unsafe function that can result in buffer overruns. Either use C++ strings (std::stringstream can usually be used instead of the sprintf functions) or the safer _snwprintf function if you absolutely must use awful C strings.

Edited by SimonForsman


You can disable and enable warnings like this:

#pragma warning( push )
#pragma warning( disable: 4995 )
int itemsWritten = swprintf(mybuffer, BUF_LEN, formatString, foo);
#pragma warning( pop )

There are safer alternatives, but if you are dead-set on using the code for some reason without the warnings, this will do it.

 

The problem is that it is possible to corrupt the stack and possible to write to memory with carefully crafted strings. If any of them come from an attacker or from a user-supplied input the results can be extreme, including allowing an attacker to take over the entire system.

 

For example, Visual Studio's default library will intentionally crash as a safety precaution if it sees the %n flag in a format string. You read that right, they decided it was safer to completely crash a completely valid program rather than let the potential exploit go through. Your code can be absolutely correct, but just because there are so many creative hackers out there attempting to use the printf family for exploits and this was such a common attack vector, they blocked it. You can change the behavior, but you are far better off using alternative approaches.

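The two alternatives suggested in the replies above, shown side by side as an added example that is not code from any poster in this thread: a bounded call with a constant format string that reports truncation, and a std::wostringstream version that needs no buffer length at all. The helper names and the sample path are hypothetical, and the bounded call uses the standard C++ swprintf overload that takes a buffer size.

```cpp
#include <cstddef>
#include <cstdio>
#include <cwchar>
#include <sstream>
#include <string>

// Hypothetical helper: bounded formatting into a caller-supplied buffer.
// The format string is a compile-time constant; externally supplied text is
// passed only as a %ls argument, so any '%' it contains is copied literally.
bool format_track_path(wchar_t* out, std::size_t cap,
                       const wchar_t* dir, const wchar_t* name) {
    if (out == nullptr || cap == 0) return false;
    int n = std::swprintf(out, cap, L"%ls\\%ls.mp3", dir, name);
    // A negative return means an encoding error or that the result did not
    // fit; the size comparison is a defensive second check.
    if (n < 0 || static_cast<std::size_t>(n) >= cap) {
        out[0] = L'\0';  // never hand back a partial path
        return false;
    }
    return true;
}

// Hypothetical helper: the stream-based alternative. The string grows as
// needed, so there is no length argument to get wrong.
std::wstring format_track_path_stream(const std::wstring& dir,
                                      const std::wstring& name) {
    std::wostringstream ss;
    ss << dir << L'\\' << name << L".mp3";
    return ss.str();
}

int main() {
    wchar_t buf[32];
    // Constructed sample input: a name that looks like format specifiers.
    bool ok = format_track_path(buf, 32, L"C:\\music", L"%n%n");
    std::printf("bounded, 32 chars: %s\n", ok ? "fits" : "rejected");

    wchar_t small_buf[8];
    ok = format_track_path(small_buf, 8, L"C:\\music", L"theme");
    std::printf("bounded, 8 chars: %s\n", ok ? "fits" : "rejected");

    std::wstring s = format_track_path_stream(L"C:\\music", L"theme");
    std::printf("stream length: %zu\n", s.size());
    return 0;
}
```
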

I was going to say, if you use a constant format string you specify and know your buffer limits, it's not that unsafe, but then again, if I was hacking I'd probably change the format string to how I liked it in the data section ;) A hacker could probably change the length argument passed to the alternatives though and force a buffer overrun that way?


Alright I'll check it out. Would have replied sooner but I've been very busy with school and work. I'll see if I can use another method. I'm mainly using the strings to open up an mp3 using DirectShow for my game which works great. But the warnings are what bothered me. Gonna try to fix it when I get to the house.


Hope I won't get bashed for this, but I generally just use "_CRT_SECURE_NO_WARNINGS" in the "additional preprocessor directive" of the project property and that gets rid of those pesky warnings. Another way to do it is by using #pragma warning(disable: 4xxx) as frob pointed out.
