Visual Studio Warning C4996

Visual Studio Warning C4996

First, I would like to say that I am quite fond of compiler warnings. I invoke gcc with -Wall -Wextra.

However, the MSVC warning C4996 mostly fires on completely valid code. The changes proposed in the warning text often seriously compromise the code portability, while they never substantially improve the code quality. Thus I regularly suppress this warning in my MSVC projects (Project properties->C++->Advanced->Disable specific warnings).

Check also this and that discussions.

Suppressing warning C4996: why not working?

Solved thanks to WhozCraig

Solution: The warning suppression needs to be placed before any includes, as some of them apparently include eigen too.

Why does Visual Studio 2013 issue a C4996 error?

Apparently new projects enable "SDK check" by default now, which treats these warnings as errors. To disable it, go to project properties -> Configuration Properties -> C/C++ -> General -> SDL checks -> No.

Is there a way to tell Visual Studio to treat a warning as a warning, not an error?

Found a working solution. It turns out the relevant flag is actually "SDL checks", not "Treat Warnings as Errors". Flipping it from /sdl to /sdl- causes compilation to emit a warning while still compiling.

EDIT: If I want to keep all the SDL checks on except treating Warning C4996 as an error, I can use the flag /sdl in combination with the flag /w34996, which specifies that 4996 is treated as a level 3 warning instead of an error.

[[deprecated]] results in build failure in VS2017 (Error C4996)

You get an error instead warning because "SDL checks" enabled. It looks like in VS17 SDL enabled by default. From doc:

/sdl enables these warnings as errors:

C4146 / we4146 A unary minus operator was applied to an unsigned type,
resulting in an unsigned result.

C4308 / we4308 A negative integral constant converted to unsigned
type, resulting in a possibly meaningless result.

C4532 / we4532 Use of continue, break or goto keywords in a __finally
/ finally block has undefined behavior during abnormal termination.

C4533 / we4533 Code initializing a variable will not be executed.

C4700 / we4700 Use of an uninitialized local variable.

C4703 / we4703 Use of a potentially uninitialized local pointer
variable.

C4789 / we4789 Buffer overrun when specific C run - time(CRT)
functions are used.

C4995 / we4995 Use of a function marked with pragma deprecated.

C4996 / we4996 Use of a function marked as deprecated.

To fix go to "Properties" -> "C/C++" -> "SDL checks", set to "No(/sdl-)". After this you will get 

: warning C4996: 'foo': was declared deprecated
: note: see declaration of 'foo'

C4996 (function unsafe) warning for strcpy but not for memcpy

In general, to compile C code you need a conforming C compiler. Visual Studio is a non-conforming C++ compiler.

You get the warning because Visual Studio is bad. See this.

C4996 appears whenever you use a function that Microsoft regards as obsolete. Apparently, Microsoft has decided that they should dictate the future of the C language, rather than the ISO C working group. Thus you get false warnings for perfectly fine code. The compiler is the problem.

There is nothing wrong with the strcpy() function, that's a myth. This function has existed for some 30-40 years and every little bit of it is properly documented. So what the function does and what it does not should not come as a surprise, even to beginner C programmers.

What strcpy does and does not:

  • It copies a null-terminated string into another memory location.
  • It does not take any responsibility for error handling.
  • It does not fix bugs in the caller application.
  • It does not take any responsibility for educating C programmers.

Because of the last remark above, you must know the following before calling strcpy:

  • If you pass a string of unknown length to strcpy, without checking its length in advance, you have a bug in the caller application.
  • If you pass some chunk of data which does not end with \0, you have a bug in the caller application.
  • If you pass two pointers to strcpy(), which point at memory locations that overlap, you invoke undefined behavior. Meaning you have a bug in the caller application.

For example, in the code you posted, you never initialized the arrays, so your program will likely crash and burn. That bug isn't in the slightest related to the strcpy() function and will not be solved by swapping out strcpy() for something else.

Treat specific warning as error for C++ project in Visual Studio

Enter the numbers only, i.e. 4390. For multiple warnings, enter them semicolon separated: 4390;4391.

If you don't see it in the command line, click the "Apply" button.

In the command line, they will appear as /We"...".


Related Topics

Store Results of Std::Stack .Pop() Method into a Variable

Is Constexpr a "Hint" (Like Inline) or "A Binding Request" to the Compiler

How to Convert a String Literal to Unsigned Char Array in Visual C++

What Is the Purpose of Unary Plus Operator on Char Array

Parse String Containing Numbers into Integer Array

How to Overload Array Index Operator for Wrapper Class of 2D Array

How to Run Only One Instance of Application

How to Config Cmake for Strip File

Sub-Millisecond Precision Timing in C or C++

How to Generate the Same Random Number Sequence Over Multiple Types of Compilers and Kernels with <Random>

What Does *& Mean in a Function Parameter

Find Available Network Interfaces in C/C++

Std::Optional - Construct Empty with {} or Std::Nullopt

Use of 'Auto Func(Int)' Before Deduction of 'Auto' in C++14

Is Constexpr Really Needed

Visual Studio 2013: Cl.Exe Exited with Code -1073741515

Understanding How Lambda Closure Type Has Deleted Default Constructor

Why Can't I Use <Experimental/Filesystem> with G++ 4.9.2


Leave a reply



Submit