On 08:50 Wed 06 Apr , Kelly O'Hair wrote:
>
> Just an FYI...
>
> Anyone working with C/C++ should be well aware of the functions we should be avoiding:
>   http://hub.opensolaris.org/bin/view/Community+Group+security/funclist
>
> Microsoft has used the term "banned" and has a much more extensive list:
>   http://msdn.microsoft.com/en-us/library/bb288454.aspx
>
> Unfortunately, we often cannot use the recommended replacements unless we know that the
> replacement is available on all platforms, however, some are fairly obvious, like using snprintf
> instead of sprintf.
>
> Functions like sprintf, vsprintf, strcat, strcpy, access, chmod, chown, lchown, chdir, ...
> all have known issues or have caused too many common mistakes over the years, we need to
> avoid the use of these functions.
>

Thanks for the list. That'll surely prove a useful reference.

Have you considered using autoconf in OpenJDK? It was pretty much designed for
just this scenario (checking the availability of functions).

> -kto

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org

PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D 0698 0713 C3ED F586 2A37
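
An added example, not part of either message and not OpenJDK code: the sprintf-to-snprintf and strcat replacements mentioned in the thread only help if the result is checked, since snprintf silently truncates. The helper names fmt_checked and append_checked and the sample path are assumptions made up for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* fmt_checked: hypothetical helper name (an assumption, not from the thread).
 * Formats into dst[cap]; returns 0 on success, -1 on error or truncation. */
int fmt_checked(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);   /* never writes more than cap bytes */
    va_end(ap);
    /* n is the length the full output needs; n >= cap means it was cut. */
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';                  /* fail closed: no partial string */
        return -1;
    }
    return 0;
}

/* append_checked: hypothetical bounded stand-in for strcat.
 * Returns 0 on success, -1 if dst is unterminated or src does not fit. */
int append_checked(char *dst, size_t cap, const char *src)
{
    const char *end;
    size_t used, need;
    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    end = memchr(dst, '\0', cap);       /* portable strnlen substitute */
    if (end == NULL)
        return -1;
    used = (size_t)(end - dst);
    need = strlen(src);
    if (need >= cap - used)             /* leave room for the terminator */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

int main(void)
{
    char path[16];                      /* constructed sample buffer */
    int rc = fmt_checked(path, sizeof path, "%s/%s", "/tmp", "a-long-file-name");
    printf("rc=%d path=\"%s\"\n", rc, path);
    return 0;
}
```

Treating truncation as an error matters for paths and commands, where a shortened string can name a different file than the one intended.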