diff --git a/doc/cn/Programming_Specifications.md b/doc/cn/Programming_Specifications.md index e8d43ca16283a3d796ece362f46f28fe779a307c..2e80d28632387a41cc4d317cef5fa39ee27feecc 100644 --- a/doc/cn/Programming_Specifications.md +++ b/doc/cn/Programming_Specifications.md @@ -2988,13 +2988,16 @@ C标准的许多函数,没有将目标缓冲区的大小作为参数,并且 基于历史缓冲区溢出漏洞触发的情况统计,有很大一部分是因为调用了这些内存操作类函数但未考虑目标缓冲区大小而导致。 以下列出了部分内存操作类危险函数: -内存拷贝函数:memcpy(), wmemcpy(), memmove(), wmemmove() -内存初始化函数:memset()字符串拷贝函数:strcpy(), wcscpy(),strncpy(), wcsncpy() +内存拷贝函数:memcpy(), wmemcpy(), memmove(), wmemmove() -字符串拼接函数:strcat(), wcscat(),strncat(), wcsncat() +内存初始化函数:memset() -字符串格式化输出函数:sprintf(), swprintf(), vsprintf(), vswprintf(), snprintf(), vsnprintf() +字符串拷贝函数:strcpy(), wcscpy(),strncpy(), wcsncpy() + +字符串拼接函数:strcat(), wcscat(),strncat(), wcsncat() + +字符串格式化输出函数:sprintf(), swprintf(), vsprintf(), vswprintf(), snprintf(), vsnprintf() 字符串格式化输入函数:scanf(), wscanf(), vscanf(), vwscanf(), fscanf(),fwscanf(),vfscanf(),vfwscanf(),sscanf(), swscanf(), vsscanf(), vswscanf() diff --git a/doc/en/Programming_Specifications.md b/doc/en/Programming_Specifications.md index 448a39c631b1c994fe920f730009aa5c1ebe6c8e..be602470dc602a958c8fab045b8d849be108e80e 100644 --- a/doc/en/Programming_Specifications.md +++ b/doc/en/Programming_Specifications.md 
@@ -2975,13 +2975,16 @@ Many C functions do not use the destination buffer size as a parameter or consid The historical statistics about buffer overflow vulnerabilities show that a majority of the vulnerabilities are caused by memory operation functions that do not consider the destination buffer size. The following lists the dangerous functions related to memory operations: -Memory copy functions: memcpy(), wmemcpy(), memmove(), wmemmove() -Memory initialization function: memset() String copy functions: strcpy(), wcscpy(),strncpy(), wcsncpy() +Memory copy functions: memcpy(), wmemcpy(), memmove(), wmemmove() -String concatenation functions: strcat(), wcscat(),strncat(), wcsncat() +Memory initialization function: memset() -Formatted string output functions: sprintf(), swprintf(), vsprintf(), vswprintf(), snprintf(), vsnprintf() +String copy functions: strcpy(), wcscpy(),strncpy(), wcsncpy() + +String concatenation functions: strcat(), wcscat(),strncat(), wcsncat() + +Formatted string output functions: sprintf(), swprintf(), vsprintf(), vswprintf(), snprintf(), vsnprintf() Formatted string input functions: scanf(), wscanf(), vscanf(), vwscanf(), fscanf(),fwscanf(),vfscanf(),vfwscanf(),sscanf(), swscanf(), vsscanf(), vswscanf()
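Review bot: in the doc/cn/Programming_Specifications.md hunk, the six categories are now separated only by blank lines, so each renders as a loose paragraph and nothing marks them as one list. The removed line `memset()字符串拷贝函数` shows how easily two entries fuse when a line break is lost. Consider making each category a Markdown list item (a leading `- `) so the entries stay distinct even if the spacing is edited again, and apply the same markup to the unchanged 字符串格式化输入函数 line that follows so the whole list is consistent.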
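Review bot: in the doc/en/Programming_Specifications.md hunk, the re-added string copy and string concatenation lines still read `wcscpy(),strncpy()` and `wcscat(),strncat()` with no space after the comma, while every other separator on those lines has one. Since these lines are being rewritten anyway, normalize them to `, ` here, and fix the trailing context line for the formatted string input functions (`fscanf(),fwscanf(),vfscanf(),vfwscanf(),sscanf()`) in the same change. The Chinese file carries the same spacing and should get the same cleanup so the two versions stay aligned.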