WG14 N1049

SUGGESTED CHANGES TO N1031
SECURE C LIBRARY FUNCTIONS

P.J. Plauger
Dinkumware, Ltd.
pjp@dinkumware.com

----------- FIRST BATCH ----------

-- gets_s should take a size_t length argument, not an int

-- gets_s should describe what happens if n <= 0

-- gets_s should always store a null character

-- should define RAND_MAX_S, not RAND_S_MAX (see TMP_MAX_S)

-- should define additional overloads for bsearch_s and qsort_s
   in C++, in parallel with bsearch and qsort

-- should define errno_t as int

-- should use errno_t for return values of functions that return
   error code, and for error code argument to strerror_s

-- should rename strtok_r as strtok_s

-- should define errno_t as int

-- should use errno_t for return values of functions that return
   error code

-- should add gmtime_s and localtime_s, each with a struct tm *
   first argument

-- wcslen_s should take a size_t length argument, not an int

----------- SECOND BATCH ----------

-- should define errno_t as int

-- tmpnam_s documentation should compare the length of the filename
   to maxsize-1, not maxsize.

-- scanf should add optional .prec after width, where prec is either
   a decimal number or a * (to read a size_t argument). Default prec
   is (size_t)(-1). For c s [], prec specifies the maximum number of
   elements to store in the array pointed to by the argument,
   including any terminating nul. If not all consumed characters
   can be stored, the conversion will fail.

-- scanf_s should be the same, except that default prec is zero.
   (Hence it must be specified or the conversion will always fail.)

-- strlen_s should take a size_t length parameter, not an int

----------- THIRD BATCH ----------
14 Nov 03

-- gmtime_s and localtime_s should return a struct tm *

----------- FOURTH BATCH ---------
11 Jan 04

-- gets_s should return a null pointer for a null pointer argument.

-- strncpy_s and strncat_s should return ERANGE for null pointer
   arguments.

-- strnlen_s should return zero for a null pointer argument.

-- wcsncpy_s and wcsncat_s should return ERANGE for null pointer
   arguments.

-- wcsnlen_s should return zero for a null pointer argument.

In general, the secure library functions should have defined, and
safe, semantics for null pointer arguments.
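
The null pointer semantics of the fourth batch and the gets_s points of the first batch, sketched in C as an added example; this is not code from N1031 or from the paper's author. The sketch_ names, the signatures, the FILE * parameter, and the behaviour for n == 0 and for input that does not fit are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

typedef int errno_t; /* the paper asks for errno_t to be defined as int */

/* strnlen_s stand-in: zero for a null pointer, never reads past maxsize. */
size_t sketch_strnlen_s(const char *s, size_t maxsize)
{
    size_t i = 0;
    if (s == NULL) return 0;
    while (i < maxsize && s[i] != '\0') i++;
    return i;
}

/* strncpy_s stand-in: ERANGE for null pointer arguments. Assumption, not from
   the paper: a copy that does not fit also gives ERANGE and leaves dst empty. */
errno_t sketch_strncpy_s(char *dst, size_t dstsize, const char *src, size_t n)
{
    size_t len = sketch_strnlen_s(src, n);
    if (dst == NULL || dstsize == 0) return ERANGE;
    dst[0] = '\0';                 /* dst holds a valid string on every path */
    if (src == NULL || len >= dstsize) return ERANGE;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* gets_s stand-in: size_t length, null pointer result for a null s, always
   stores a null character. Assumptions: reads from `in` rather than stdin,
   n == 0 returns NULL, an over-long line is consumed and s is left empty. */
char *sketch_gets_s(char *s, size_t n, FILE *in)
{
    size_t i = 0;
    int c, fits = 1;
    if (s == NULL || n == 0 || in == NULL) return NULL;
    while ((c = getc(in)) != EOF && c != '\n') {
        if (i + 1 < n) s[i++] = (char)c;
        else fits = 0;             /* keep consuming, stop storing */
    }
    s[fits ? i : 0] = '\0';
    return (fits && !(c == EOF && i == 0)) ? s : NULL;
}

int main(void)
{
    char buf[8] = "stale";         /* constructed sample buffer */
    errno_t rc = sketch_strncpy_s(buf, sizeof buf, NULL, 4);
    printf("rc=%d len=%zu\n", rc, sketch_strnlen_s(NULL, 8));
    return 0;
}
```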