C++ Connections

Just finished arranging my travel to C++ Connections. I’m speaking on our Security work in the Standard C++ Library. I’ll be in Vegas from 7th-11th. Hopefully there will be a chance for some of us to meet up and chat about Libraries futures.   Martyn  

Why does VC8 install libraries to WinSxS?

One of the changes introduced by Visual C++ 2005 is a change in how we deploy the Visual C++ Runtime Libraries (CRT, MFC, ATL). Deployment of the runtimes has been a complex and controversial question across many versions. What we’ve attempted to do in this version of the product is both simplify our plan and…


Annotations – yet more help finding buffer overflows

Last time I talked about how we used template overloads to help automatically transform safe calls to strcpy into strcpy_s. But not all calls to strcpy are safe, of course. Consider this code: void GetIntegratedCutlery(char *out){      strcpy(out, “spork”);} In Visual Studio 2005, even with template overloads enabled, this will give you a deprecation warning telling…


Security improvements in VC++ 2005 and the C standards committee

Last Friday I returned from the C standards committee meeting in Mont Tremblant, Canada at a beautiful hotel resort. These meetings are pretty fascinating, because of the diverse set of smart people they draw in. Even though C is quite stable at this point, there are always a range of interesting feature proposals and defect…


I’m back

Hello. Welcome to my second generation, re-engineered, upgraded weblog. I’m really excited to finally have enough time to return to this medium. My old blog lasted about a month, before I got busy and backlogged. I did keep collecting blog topics in the intervening two years, so I now have enough to talk about to…