flat assembler
Message board for the users of flat assembler.
![]() Goto page 1, 2 Next |
Author |
|
revolution 20 May 2009, 12:44
Microsoft plans to formally banish the popular programming function that's been responsible for an untold number of security vulnerabilities over the years, not just in Windows but in countless other applications based on the C language. Effective later this year, Microsoft will add memcpy(), CopyMemory(), and RtlCopyMemory() to its list of function calls banned under its secure development lifecycle. http://msdn.microsoft.com/en-us/library/bb288454.aspx |
|||
![]() |
|
vid 20 May 2009, 13:13
WTF? How are they going to copy blocks of memory now?
|
|||
![]() |
|
revolution 20 May 2009, 14:52
vid: Look at the second link I posted. It has the alternate APIs.
|
|||
![]() |
|
pal 20 May 2009, 15:20
Hmm, are you sure this is going to happed (soon anyway).
http://msdn.microsoft.com/en-us/library/bb288454.aspx wrote:
Seems a bit old; two years. |
|||
![]() |
|
revolution 20 May 2009, 16:01
Just a few days ago in the MSDN blog:
http://blogs.msdn.com/sdl/archive/2009/05/14/please-join-me-in-welcoming-memcpy-to-the-sdl-rogues-gallery.aspx |
|||
![]() |
|
drhowarddrfine 20 May 2009, 16:07
This made me laugh:
Quote: Simply replacing a banned function call with a better replacement does not guarantee that the code is secure. It's possible to misuse the replacement function, most commonly by getting the destination buffer size wrong. |
|||
![]() |
|
pal 20 May 2009, 16:20
Ahh OK, I guess that they have been planning it for some time then.
|
|||
![]() |
|
Tomasz Grysztar 20 May 2009, 19:03
vid wrote: WTF? How are they going to copy blocks of memory now? Well, the lazy programmer may still try to put some huge value as destination buffer size just to make thing work and forget about it... *sigh* |
|||
![]() |
|
bitshifter 20 May 2009, 19:20
No big deal unless you are coding high security industry apps.
I am guilty myself for leaving these holes in my programs. If someone wants to get inside they eventually will crack it. At least it will help make buffer overflows a bit more difficult. _________________ Coding a 3D game engine with fasm is like trying to eat an elephant, you just have to keep focused and take it one 'byte' at a time. |
|||
![]() |
|
r22 20 May 2009, 19:31
Precious CPU cycles are melting away!
Useless code to be executed ad-nauseum Code: MOV reg,[DST_LENGTH] CMP reg,[SRC_LENGTH] JB .DONT_WORRY_MICROSOFT_WUVS_YOU |
|||
![]() |
|
vid 20 May 2009, 21:29
revolution: second link seems only have functions that are already banned. But now I found answer in second link.
Tomasz: I support it fully for string functions, but memcpy()? I think this is a bit overkill, but I agree it is understandable in case of MS. |
|||
![]() |
|
Borsuc 21 May 2009, 23:50
This is the dumbest thing I've heard in a LOOOONG while
![]() First I thought it was a prank, can't believe it's actually real. It makes as much sense as copying the function arguments twice "for consistency reasons" lololol. _________________ Previously known as The_Grey_Beast |
|||
![]() |
|
revolution 22 May 2009, 00:29
I think they (MS) are realising that the programmers don't know how to properly use the function. So, rather trying to change the programmers habits, they thought it would be easier to change the function. And I suspect they are right, changing a programmers habits can be very hard to do. Right tom?
![]() |
|||
![]() |
|
drhowarddrfine 22 May 2009, 03:10
I agree with revolution but I also wonder if MS is trying to protect people from themselves. They have enough issues. It's like banning loops or movs in asm cause they can runaway without a proper counter. Stupid.
However, the C library has new functions for copying strings that require definition of the string length but no one has banned the old use. |
|||
![]() |
|
sinsi 22 May 2009, 03:51
Quote: Developers who want to be SDL compliant will instead have to replace memcpy() functions with memcpy_s Not totally banned, just 'deprecated'. Anyway, what do we care? I don't use any C library functions. |
|||
![]() |
|
Borsuc 23 May 2009, 22:57
CopyMemory is not a C function.
|
|||
![]() |
|
bitRAKE 23 May 2009, 23:18
My processor has REP MOVSB, so I use it where needed and memory sections are known not to overlap.
Copying massive blocks of memory has never been an algorithmically sound practice. Imagine an editor which completely copied the text every time a character was inserted/deleted - bad design unless the maximum number of characters is fairly small. MS's approach is the exact opposite of education and supports the dumbing down of the programmer - just a sick hierarchy of protocols with all the wrong reasons. |
|||
![]() |
|
pelaillo 26 May 2009, 18:03
Quote:
They already succeed in dumbing down the computer users. |
|||
![]() |
|
comrade 27 May 2009, 07:42
That's bad? Take a look at Apple kicking their ass.
|
|||
![]() |
|
Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.