Whelp, this about wraps it up for memcpy_s(). It looks like we need to go back to the drawing board and find a new secure function to copy memory in C.
The C programming language that runs almost all of the world's compute infrastructure has both the feature and the flaw that it doesn't double-check memory. Thus, bugs in one part of the code can overwrite memory used in other parts.
It's a necessary feature for some "systems" programming, but is also dangerous for other tasks. Languages like Rust solve this by being inherently "safe" for most accesses, allowing "unsafe" access only when needed.
Microsoft has addressed this by replacing 'memcpy()' (memory copies) with a safer version 'memcpy_s()' that double-checks where memory is being copied into.
It does vastly improve safety, but at the same time, it only solves specific problems. Here, it was a stupid replacement that shouldn't have been done.
Normally, memcpy_s() guards against running over the end of the buffer. Here, the problem is figuring out where the buffer starts, the "offset" from the start of the buffer.
What you really want is a function that checks the starting offset hasn't gone past the end of the buffer as well, like:
memcpy_offset_s(buf, offset, max, src, length).
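A sketch of what such a function could look like, added here as an example and not code from the thread or from Microsoft. Only the name and parameter order come from the thread. The return codes and the `naive_remaining()` helper, which models a caller computing the remaining size as `max - offset` before a size-checked copy, are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper using the signature proposed in the thread.
 * buf/max:    destination buffer and its total size in bytes
 * offset:     where inside buf the copy should start
 * src/length: source bytes and how many of them to copy
 * Returns 0 on success; EINVAL or ERANGE on rejection (nothing is written). */
int memcpy_offset_s(void *buf, size_t offset, size_t max,
                    const void *src, size_t length)
{
    if (buf == NULL || (src == NULL && length != 0))
        return EINVAL;
    /* The starting point itself must not be past the end of the buffer. */
    if (offset > max)
        return ERANGE;
    /* Compare against the space left; "offset + length > max" could wrap. */
    if (length > max - offset)
        return ERANGE;
    if (length != 0)
        memcpy((unsigned char *)buf + offset, src, length);
    return 0;
}

/* Assumed caller pattern: the remaining size is derived from an unchecked
 * offset. With offset > max the unsigned subtraction wraps to a huge value,
 * so a check of the form "length <= remaining" passes anyway. */
size_t naive_remaining(size_t max, size_t offset)
{
    return max - offset;
}

int main(void)
{
    unsigned char buf[8] = {0};   /* constructed sample buffer */

    printf("in range:        %d\n", memcpy_offset_s(buf, 4, sizeof buf, "abcd", 4));
    printf("runs off end:    %d\n", memcpy_offset_s(buf, 5, sizeof buf, "abcd", 4));
    printf("offset past end: %d\n", memcpy_offset_s(buf, 9, sizeof buf, "a", 1));
    printf("naive remaining: %zu\n", naive_remaining(sizeof buf, 9));
    return 0;
}
```
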
Keep Current with Rob ☃️ Graham
