Comments (4)

sneves commented on August 30, 2024

I've addressed your first issue in a portable manner. The second one is trickier, since people do not seem to agree on what a bounded sprintf looks like. VS 2015 supports the standard C99 snprintf, but previous versions of VS do not, where _snprintf has different behavior (no null character guaranteed at the end).

Since there is no risk of overflow here, I would probably suggest using the _CRT_SECURE_NO_WARNINGS macro to get around this particular warning.

from phc-winner-argon2.
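
The runtime difference described in the comment above can be hidden behind one helper. This is an added example, not code from the thread or from phc-winner-argon2; the name `bounded_format` and its 0 / -1 return convention are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (name and return convention are assumptions).
 * Formats into dst[0..dstlen-1], always NUL-terminates when dstlen > 0,
 * and returns 0 on success or -1 on truncation or encoding error. */
static int bounded_format(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstlen == 0) {
        return -1;
    }

    va_start(ap, fmt);
#if defined(_MSC_VER) && _MSC_VER < 1900
    /* Before VS 2015: _vsnprintf returns a negative value on truncation
     * and writes no terminator when the output exactly fills the buffer. */
    n = _vsnprintf(dst, dstlen, fmt, ap);
#else
    /* C99: vsnprintf terminates and returns the untruncated length. */
    n = vsnprintf(dst, dstlen, fmt, ap);
#endif
    va_end(ap);

    dst[dstlen - 1] = '\0'; /* force the terminator on every runtime */

    /* Both conventions collapse to one answer: did the output fit? */
    if (n < 0 || (size_t)n >= dstlen) {
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[8]; /* constructed, deliberately small buffer */
    int rc = bounded_format(buf, sizeof buf, "m=%u,t=%u", 4096u, 3u);
    printf("rc=%d buf=\"%s\" len=%u\n", rc, buf, (unsigned)strlen(buf));
    return 0;
}
```

Callers treat -1 as a hard error instead of using the truncated string.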

SparkDustJoe commented on August 30, 2024

Does that macro have to be applied globally, or can it be applied per source file? I'm of the mindset that if only a small piece of code throws a security warning, you don't disable that warning for the whole project if it could potentially come up elsewhere in later code changes.

I would agree, in this context, the buffers in question are well contained in code that is not externally or user accessible so the risk is low.

SparkDustJoe commented on August 30, 2024

I will also add, in encoding.c and run.c, there are warnings thrown when compiling as x64 instead of Win32, that storing a size_t in a uint32_t or unsigned int could cause possible loss of data.

These are in the definitions of CC_opt and BIN, and in run.c it's only for the line pwdlen = strlen(pwd); which I don't think is an issue in that last case, as most people are going to use passwords less than a few hundred characters (or a key file of less than 1kb).

sneves commented on August 30, 2024

Macro only needs to be applied locally; e.g., put #define _CRT_SECURE_NO_WARNINGS before any includes in src/encoding.c.

I've fixed the warning in src/run.c. The similar warnings in src/encoding.c are inside macros, and the code becomes confusing and difficult to reason about if I just cast to uint32_t. I'll think about a proper fix.
