MPS issue job001934

Title: MPS VC9 build failure C4996: getenv considered insecure
Status: closed
Priority: essential
Assigned user: Richard Kistruck
Organization: Ravenbrook
Description: MPS VC9 build failure C4996: getenv considered insecure

MPS build fails with Microsoft Visual C++ 2008 (version 9, aka VC9),
because of three C runtime library routines used by the example ANSI
plinth and by testlib.c. (Note: these are not in the MPS library
itself).

Reported by VC9 as:
  warning C4996: '<name>': This function or variable may be unsafe.
  Consider using <other-name> instead. To disable deprecation, use
  _CRT_SECURE_NO_WARNINGS. See online help for details.
Analysis:
RHSK 2008-09-29
Problems in:
  mpsliban.c (getenv);
  mpsioan.c (fopen et al);
  testlib.c (sscanf);
  eventcnv.c (fopen, sscanf, strncpy)
Fix is #pragma warning ( disable : 4996 ).

RHSK 2008-10-17
Are these particular warning cases really a security risk to
production code using MPS? No.

In detail:

mps_lib_telemetry_control() in mpsliban.c is only called in
telemetry-log-event varieties, which is not normally used in a
production environment. Also, it's hardly risky code.
Indeed, even reading CERT Secure Coding note ENV-00 about this,
it's hard to see what the risk is:
  <https://www.securecoding.cert.org/conf...ointer+to+the+string+returned+by+getenv()>

mpsioan.c is only used in telemetry-log-event varieties. And what's
wrong with fopen() exactly?

testlib.c is only used in MPS tests, of course, so no risk.
eventcnv.c is not used in production environment.

Could this warning show up some other genuine problem? Possibly, yes.
So should this warning be disabled globally? No.
Locally? Yes, we can do that: in mpsliban.c the getenv is in the
final function. Add a note to make it clear.

The #pragma should be ifdef'd for MPS_BUILD_MV. (VC6 accepts it, so
there is no need to ifdef for MSVC version). Note that
MPS_BUILD_MV is set by mpstd.h (target detection), which all
affected .c files include.

RHSK 2009-02-16
Same for sscanf in newly-written zcoll.c (test file).
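As an added illustration of the approach settled on above (this is example code written for this note, not MPS source), the following shows the #pragma kept local to the one translation unit that needs it and guarded by MPS_BUILD_MV, together with the practice CERT ENV00-C actually asks for: copying the string returned by getenv into a bounded buffer before using it. The function name read_control_var, the variable name MPS_EXAMPLE_CONTROL and the CONTROL_MAX limit are constructed for the example; MPS_BUILD_MV is assumed to be defined by the build on VC9 as mpstd.h does.

```c
#define _POSIX_C_SOURCE 200112L   /* for setenv() in main() below (POSIX) */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example only, not MPS source.  MPS_BUILD_MV is the macro mpstd.h sets
 * when the target is Microsoft Visual C++; it is assumed here to be
 * defined by the build when compiling with VC9. */
#ifdef MPS_BUILD_MV
/* VC9 reports getenv (and sscanf, fopen, ...) as C4996.  Disable the
 * warning in this translation unit only, so a genuine instance elsewhere
 * is still reported. */
#pragma warning(disable : 4996)
#endif

#define CONTROL_MAX 64   /* constructed limit on the value length */

/* Read an environment variable holding an unsigned decimal value (a
 * constructed stand-in for a telemetry control setting).  Returns 1 and
 * stores the value in *out on success; returns 0 if the variable is
 * unset, empty, longer than CONTROL_MAX-1, or not entirely a decimal
 * number.  The string getenv returns is copied into a bounded local
 * buffer before it is parsed (CERT ENV00-C), so a later getenv/setenv
 * call cannot change it while it is in use. */
int read_control_var(const char *name, unsigned long *out)
{
  const char *p;
  char buf[CONTROL_MAX];
  size_t len;
  char *end;
  unsigned long val;

  if (name == NULL || out == NULL)
    return 0;
  p = getenv(name);
  if (p == NULL)
    return 0;

  len = strlen(p);
  if (len == 0 || len >= sizeof buf)
    return 0;                       /* empty or over-long: reject */
  memcpy(buf, p, len + 1);          /* bounded copy including the NUL */

  if (buf[0] < '0' || buf[0] > '9')
    return 0;                       /* no sign, no leading whitespace */
  errno = 0;
  val = strtoul(buf, &end, 10);
  if (errno == ERANGE || *end != '\0')
    return 0;                       /* overflow or trailing junk */

  *out = val;
  return 1;
}

int main(void)
{
  unsigned long v = 0;
  /* Constructed variable; set here so the example runs stand-alone. */
  setenv("MPS_EXAMPLE_CONTROL", "42", 1);
  if (read_control_var("MPS_EXAMPLE_CONTROL", &v))
    printf("MPS_EXAMPLE_CONTROL = %lu\n", v);
  setenv("MPS_EXAMPLE_CONTROL", "42abc", 1);
  if (!read_control_var("MPS_EXAMPLE_CONTROL", &v))
    printf("rejected malformed value\n");
  return 0;
}
```

Keeping the pragma inside the #ifdef means non-MSVC compilers never see it, and placing it in the affected file rather than a shared header keeps the warning live everywhere else, which is the point made above about not disabling C4996 globally.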
How found: unknown
Observed in: 1.108.0
Created by: Richard Kistruck
Created on: 2008-09-29 17:27:39
Last modified by: Richard Kistruck
Last modified on: 2009-02-16 15:12:24
History:
2008-09-29 RHSK Created.
2008-10-17 RHSK How to disable the warning in the right way & place
2008-10-20 RHSK eventcnv.c also fails; full warning text
2008-11-03 RHSK (tweak) say C4996 in job title
2009-02-16 RHSK Same for sscanf in newly-written zcoll.c (test file).

Fixes

Change  Effect  Date                 User              Description
167379  closed  2009-02-16 14:57:54  Richard Kistruck  MPS br/timing zcoll.c: (fix compiler warning for w3i3m9) VC9 warns that sscanf is unsafe; disable this warning for zcoll.c. See also job001934.
166497  closed  2008-10-20 15:12:15  Richard Kistruck  MPS br/vc9: under ifdef MPS_BUILDER_MV, disable warning 4996 where necessary for VC9 builds.