There has been a new section added to the developers best practices page stating unsafe string manipulation functions should be avoided: Style Guide/Best Practice C Cpp - Blender Developer Wiki
A more detailed rationale can be found in the proposal: #108917 - Policy: disallow unsafe string manipulation functions - blender - Blender Projects
For some background: previously we accepted use of string manipulation functions generally considered unsafe (strcpy, sprintf, etc.), even though Blender defined safe alternatives, with the assumption that developers know what they're doing and can avoid the risks by being careful.
Having checked use of unsafe functions, I found this isn't the case - with enough usage not properly accounting for buffer overflows. It was agreed to disallow use of these functions.
With very few exceptions their use has now been removed from source/ and much of intern/.
Unfortunately there doesn't seem to be any portable method of poisoning these functions (so their use results in build errors), so this needs to be enforced manually & in code review.
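As an added illustration of the contract the safe alternatives provide (this is example code written for this post, not Blender's BLI_strncpy/BLI_strncat), here are bounded copy and append helpers that never write past the buffer, always NUL-terminate, and report truncation so the caller can handle it instead of silently overflowing. The `build_path` helper is hypothetical and only shows the fixed-buffer pattern that most of the listed fixes deal with.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy: never writes past dst[dst_maxncpy - 1] and always NUL-terminates.
 * Returns true when src fit entirely, false when it was truncated, so callers
 * can detect the case where strcpy would have silently overflowed. */
bool bounded_copy(char *dst, size_t dst_maxncpy, const char *src)
{
  if (dst_maxncpy == 0) {
    return false; /* no room even for the terminator */
  }
  size_t i = 0;
  while (i < dst_maxncpy - 1 && src[i] != '\0') {
    dst[i] = src[i];
    i++;
  }
  dst[i] = '\0';
  return src[i] == '\0';
}

/* Bounded append with the same contract; the replacement for strcat. */
bool bounded_cat(char *dst, size_t dst_maxncpy, const char *src)
{
  size_t len = 0;
  while (len < dst_maxncpy && dst[len] != '\0') {
    len++;
  }
  if (len == dst_maxncpy) {
    return false; /* dst is not terminated within its capacity: refuse to append */
  }
  return bounded_copy(dst + len, dst_maxncpy - len, src);
}

/* Typical fixed-buffer path building (hypothetical helper, not Blender's).
 * Every step is bounded, and a truncated result is reported, not used as-is. */
bool build_path(char *out, size_t out_maxncpy, const char *dir, const char *name)
{
  bool ok = bounded_copy(out, out_maxncpy, dir);
  ok = bounded_cat(out, out_maxncpy, "/") && ok;
  ok = bounded_cat(out, out_maxncpy, name) && ok;
  return ok;
}

int main(void)
{
  char path[16]; /* constructed: deliberately too small for the second input */
  bool ok = build_path(path, sizeof(path), "/tmp/dir", "file.blend");
  printf("%s (%s)\n", path, ok ? "fits" : "truncated");
  return 0;
}
```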
For anyone who doubts Blender developers would make such schoolboy errors, here’s a shortened list of issues:
- Fix potential buffer overflow & un-terminated strings on macOS
- Fix buffer overflow in BKE_bpath_foreach_path_fixed_process
- Fix buffer overflow in AVI file writing
- Fix potential buffer overflow in BLI_windows_get_executable_dir
- Fix potential buffer overflow with thumbnail URI creation on WIN32
- Fix buffer overflow in BLI_path_abs on WIN32
- Fix potential buffer overflows from incorrect strcpy use
- BLI_string: add BLI_strncat, replace use of strcat that could overflow