Solved

VS2005 C runtime and _set_invalid_parameter_handler

Posted on 2006-11-08
4
1,442 Views
Last Modified: 2012-06-27
VS2005's C runtime has security enhancements that catch problems at runtime with functions like:

strcpy_s

there is a mechanism to setup _invalid_parameter_handler using the _setup_invalid_parameter_handler function.  If a runtime event happens the handler gets called.  Ok, that's good.

But when this happens (in the field as always) there does not seem to be any way to relate this back to the source.  You get line number information but it's from the source of strcpy_s and not my code that calls strcpy_s.

How can such an error be referenced back to a source code line that I've written?
0
Comment
Question by:jhance
  • 2
4 Comments
 
LVL 12

Expert Comment

by:rajeev_devin
ID: 17897314
0
 
LVL 32

Author Comment

by:jhance
ID: 17897716
rajeev,

I read through the comments at the link you referenced, but I don't see the connection to my question...
0
 
LVL 39

Accepted Solution

by:
itsmeandnobodyelse earned 500 total points
ID: 17898171
>>>> How can such an error be referenced back to a source code line that I've written?

Don't see a way to do so by using standard means. The call stack is only available in debug mode.

If you don't mind to take some efforts and are not afraid of using macros you might call wrapper functions instead of the original secure functions like that:

#define STRCPY_S(dest, siz, src) mystrcpy_s(__FILE__, __LINE__, dest, siz, src)

errno_t mystrcpy_s(const char srcfile[], int lineNo,
                   char *strDestination, size_t sizeInBytes, const char *strSource)
{
    Global::g_strLastSrcFile   = srcfile;
    Global::g_strLastLineNo    = lineNo;
    Global::g_strLastFunction  = "strcpy_s";
    return strcpy_s( strDestination, sizeInBytes, strSource);
}

These 'global' variables may be static members of a class Global or global variables in a namespace.

If doing so for all 'secure' runtime functions you could evaluate that information in your invalisd parameter handler.

Regards, Alex
 
0
 
LVL 32

Author Comment

by:jhance
ID: 17933878
I was hoping for something cleaner but it seems this is the best there is...

Thanks...
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Errors will happen. It is a fact of life for the programmer. How and when errors are detected have a great impact on quality and cost of a product. It is better to detect errors at compile time, when possible and practical. Errors that make their wa…
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
The goal of the video will be to teach the user the concept of local variables and scope. An example of a locally defined variable will be given as well as an explanation of what scope is in C++. The local variable and concept of scope will be relat…
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now