@tkreuzer tkreuzer commented Apr 10, 2024

disregard

rand_s is not a "more secure" version of rand, it is a less secure version of rand. rand is secure by design, because it doesn't take any parameters that could be wrong, it cannot cause any access violation or memory corruption, it only returns a random value, which is safe to use or discard. rand_s on the other hand can be passed a pointer that points to invalid memory, a too small variable or any other location that could cause memory corruption. This function is not only useless, it actively undermines the principles of secure coding, by claiming to be more safe, while being less safe. It should be deprecated and nobody should use it.
@prmerger-automator
Contributor

@tkreuzer : Thanks for your contribution! The author(s) have been notified to review your proposed change.

@learn-build-service-prod
Contributor

Learn Build status updates of commit e10fd4d:

✅ Validation status: passed

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| docs/c-runtime-library/reference/rand-s.md | ✅Succeeded | | |

For more details, please refer to the build report.

For any questions, please:

@tkreuzer tkreuzer closed this Apr 10, 2024
@tkreuzer tkreuzer deleted the patch-1 branch April 10, 2024 21:17
@tkreuzer tkreuzer restored the patch-1 branch April 10, 2024 21:20
@tkreuzer tkreuzer changed the title from "Update rand-s.md to reflect that the function is not more secure, but less secure than rand" to "Update rand-s.md" Apr 11, 2024