Providing entry points for handling errors in VC++ 2005

The previous version of the C runtime had many flaws in its design. For example, the functions in the older C runtime performed poor or no validation to detect overwriting memory locations. Also, there was no easy way of validating input parameters such as memory locations, checking buffer sizes, ensuring null termination and checking parameters of variadic functions.

Visual C++ 2005 C runtime library (CRT) provides several new functions and exciting features that that can help increase security of many functions in the previous C runtime. The new CRT replaces the old functions with functions having the same name and added with the _s (S for secure) suffix. For example, the strcpy_s function replaces the strcpy function and so on.

The new secure C functions check the validity of parameters in functions. These checks include the following:

a) Checking pointers that have not been allocated i.e. NULL pointers
b) Integer underflow and overflow
c) Valid enumeration values.

If a problem is detected by the function, an invalid parameter handler is automatically called by the runtime library. The default invalid parameter handler provided by the C runtime raises and Access Violation exception. In Debug mode, an assertion is also raised.
The runtime library provides a function, _set_invalid_parameter_handler so that you may install your own function to respond to input parameter errors. Your function may terminate the application, or it may return control to the calling function that received the invalid parameters. The calling function will normally discontinue execution and set errno to an error code such as EINVAL to indicate invalid parameters. The calling function may use more specific values for errno, such as EBADF to indicate a bad file pointer was detected.