Usage of C11 Annex K Bounds-checking interfaces on GCC

[li zi]

Hi All,
We are using gcc in our projects and we found some of the C standard functions 
(like memcpy, strcpy) used in gcc may induce security vulnerablities like 
buffer overflow. Currently we have not found any instances which causes such 
issues.
But we feel better to change these calls to Cll Annex K Bounds-checking 
interfaces like memcpy_s, strcpy_s etc. By defining a secure calls method (list 
of func pointers) and allowing application to register the method. I understand 
that this affects performance because of return value check added for _s 
calls, but this will relieve overflow kind of issues from code. And also 
currently using bounds-checking interfaces is a general industry practice.
Please share your opinion on it, and if any discussion happened in community to 
do some changes in future.

Thanks.

获取 Outlook for Android

Usage of C11 Annex K Bounds-checking interfaces on GCC

[li zi]

Hi All,
We are using gcc in our projects and we found some of the C standard functions 
(like memcpy, strcpy) used in gcc may induce security vulnerablities like 
buffer overflow. Currently we have not found any instances which causes such 
issues.
But we feel better to change these calls to Cll Annex K Bounds-checking 
interfaces like memcpy_s, strcpy_s etc. By defining a secure calls method (list 
of func pointers) and allowing application to register the method. I understand 
that this affects performance because of return value check added for _s 
calls, but this will relieve overflow kind of issues from code. And also 
currently using bounds-checking interfaces is a general industry practice.
Please share your opinion on it, and if any discussion happened in community to 
do some changes in future.

Thanks.
li