I'm porting some code to Windows, and the Microsoft compiler (Visual C++ 8) is telling me that strerror()
is unsafe.
Putting aside the annoyance factor in all the safe string stuff from Microsoft, I can actually see that some of the deprecated functions are dangerous. But I can't understand what could be wrong with strerror()
. It takes a code (int
), and returns the corresponding string, or the empty string if that code is not known.
Where is the danger?
Is there a good alternative in C?
Is there a good alternative in C++?
[edit]
Having had some good answers, and now understanding that some implementations may be crazy enough to actually write to a common shared buffer - unsafe to reentrancy within a single-thread, never mind between threads! - my question stops being "Why can't I use it, and what are the alternatives?" to "Are there any decent, succinct alternatives in C and/or C++?"
Thanks in advance
strerror is not required to be thread-safe. Implementations may be returning different pointers to static read-only string literals or may be returning the same pointer over and over, pointing at a static buffer in which strerror places the string.
The strerror() function returns a pointer to a string that describes the error code passed in the argument errnum, possibly using the LC_MESSAGES part of the current locale to select the appropriate language.
strerror
is deprecated because it's not thread-safe. strerror
works on an internal static buffer, which may be overwritten by other, concurrent threads. You should use a secure variant called strerror_s
.
The secure variant requires that the buffer size be passed to the function in order to validate that the buffer is large enough before writing to it, helping to avoid buffer overruns that could allow malicious code to execute.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With