From ea8abc26262ee2c0b798cc7d291a63b06597e95f Mon Sep 17 00:00:00 2001 From: shining Date: Thu, 13 Feb 2020 16:40:50 +0800 Subject: [PATCH] Update the format of the 'Programming_Specifications' to make them more clearly --- doc/cn/Programming_Specifications.md | 11 +++++++---- doc/en/Programming_Specifications.md | 11 +++++++---- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/doc/cn/Programming_Specifications.md b/doc/cn/Programming_Specifications.md index e8d43ca162..2e80d28632 100644 --- a/doc/cn/Programming_Specifications.md +++ b/doc/cn/Programming_Specifications.md @@ -2988,13 +2988,16 @@ C标准的许多函数,没有将目标缓冲区的大小作为参数,并且 基于历史缓冲区溢出漏洞触发的情况统计,有很大一部分是因为调用了这些内存操作类函数但未考虑目标缓冲区大小而导致。 以下列出了部分内存操作类危险函数: -内存拷贝函数:memcpy(), wmemcpy(), memmove(), wmemmove() -内存初始化函数:memset()字符串拷贝函数:strcpy(), wcscpy(),strncpy(), wcsncpy() +内存拷贝函数:memcpy(), wmemcpy(), memmove(), wmemmove() -字符串拼接函数:strcat(), wcscat(),strncat(), wcsncat() +内存初始化函数:memset() -字符串格式化输出函数:sprintf(), swprintf(), vsprintf(), vswprintf(), snprintf(), vsnprintf() +字符串拷贝函数:strcpy(), wcscpy(),strncpy(), wcsncpy() + +字符串拼接函数:strcat(), wcscat(),strncat(), wcsncat() + +字符串格式化输出函数:sprintf(), swprintf(), vsprintf(), vswprintf(), snprintf(), vsnprintf() 字符串格式化输入函数:scanf(), wscanf(), vscanf(), vwscanf(), fscanf(),fwscanf(),vfscanf(),vfwscanf(),sscanf(), swscanf(), vsscanf(), vswscanf() diff --git a/doc/en/Programming_Specifications.md b/doc/en/Programming_Specifications.md index 448a39c631..be602470dc 100644 --- a/doc/en/Programming_Specifications.md +++ b/doc/en/Programming_Specifications.md 
@@ -2975,13 +2975,16 @@ Many C functions do not use the destination buffer size as a parameter or consid The historical statistics about buffer overflow vulnerabilities show that a majority of the vulnerabilities are caused by memory operation functions that do not consider the destination buffer size. The following lists the dangerous functions related to memory operations: -Memory copy functions: memcpy(), wmemcpy(), memmove(), wmemmove() -Memory initialization function: memset() String copy functions: strcpy(), wcscpy(),strncpy(), wcsncpy() +Memory copy functions: memcpy(), wmemcpy(), memmove(), wmemmove() -String concatenation functions: strcat(), wcscat(),strncat(), wcsncat() +Memory initialization function: memset() -Formatted string output functions: sprintf(), swprintf(), vsprintf(), vswprintf(), snprintf(), vsnprintf() +String copy functions: strcpy(), wcscpy(),strncpy(), wcsncpy() + +String concatenation functions: strcat(), wcscat(),strncat(), wcsncat() + +Formatted string output functions: sprintf(), swprintf(), vsprintf(), vswprintf(), snprintf(), vsnprintf() Formatted string input functions: scanf(), wscanf(), vscanf(), vwscanf(), fscanf(),fwscanf(),vfscanf(),vfwscanf(),sscanf(), swscanf(), vsscanf(), vswscanf() -- Gitee
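Review bot: In the doc/cn/Programming_Specifications.md hunk, the re-added 字符串拷贝函数 and 字符串拼接函数 lines keep the uneven comma spacing of the lines they replace (`wcscpy(),strncpy()` and `wcscat(),strncat()`), while the other entries on those lines use a comma followed by a space. These lines are already being rewritten for formatting, so the spacing should be normalized in the same commit. The unchanged 字符串格式化输入函数 line has the same problem (`fscanf(),fwscanf(),vfscanf(),vfwscanf(),sscanf()`) and could be cleaned up with it so the whole list reads consistently.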
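Review bot: In the doc/en/Programming_Specifications.md hunk, the function categories are separated only by blank lines, so the list still depends on paragraph breaks to render correctly. That is the same fragility that let `Memory initialization function: memset()` and `String copy functions: ...` run together on one line before this change. Making each category a Markdown list item (a leading `- ` on every category line, including the unchanged "Formatted string input functions" line) would keep the entries separate even if a blank line is dropped later. The added lines also carry over `wcscpy(),strncpy()` and `wcscat(),strncat()` without a space after the comma. Both points apply equally to the cn file, so the two documents should be changed together to stay in sync.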