{"id":5242,"date":"2022-03-12T00:01:50","date_gmt":"2022-03-12T08:01:50","guid":{"rendered":"https:\/\/c-for-dummies.com\/blog\/?p=5242"},"modified":"2022-03-19T08:03:11","modified_gmt":"2022-03-19T15:03:11","slug":"the-perils-of-the-memset-function","status":"publish","type":"post","link":"https:\/\/c-for-dummies.com\/blog\/?p=5242","title":{"rendered":"The Perils of the memset()<\/em> Function"},"content":{"rendered":"

While researching the upcoming — and significant — C23 version of the C programming language, I learned something surprising: The memset()<\/em> function will be deprecated. It effectively does nothing when used in the C23 standard. The reason makes a lot of sense.
\n
\nI wrote about the memset()<\/em> function in a Lesson from 2021<\/a>. What it does is to initialize a chunk of memory (a buffer) to a specific value. Here is the man<\/em> page format:<\/p>\n

void *memset(void *b, int c, size_t len);<\/code><\/p>\n

Defined in the string.h<\/code> header file, the memset()<\/em> function writes len<\/code> bytes of value c<\/code> to the buffer at b<\/code>. As I wrote last year, memset()<\/em> initializes a buffer, ensuring that its contents are zero or whatever value you set. Even so, this function is burdened with a number of issues.<\/p>\n

First, no guarantee is available to prove that buffer b<\/code> is len<\/code> bytes in size. So the function could overwrite memory if you’re not careful.<\/p>\n

Second, compiler optimization often nullifies the function, rending the buffer uninitialized. This optimization happens all the time, so unless you disable it or go to the effort to confirm that the program actually writes data to the entire buffer, who knows whether the buffer is initialized?<\/p>\n

One of the major issues here is that network programming often uses the memset()<\/em> function to zero out important structures. If such a structure isn’t “zeroed out,” network functions behave improperly.<\/p>\n

An alternative, secure version of the function is available, memset_s()<\/em>. Also defined in the string.h<\/code> header, this function isn’t part of the standard C library. Here is the man<\/em> page format:<\/p>\n

errno_t memset_s(void *s, rsize_t smax, int c, rsize_t n);<\/code><\/p>\n

Argument s<\/code> is the buffer to overwrite and smax<\/code> is the buffer’s size. Argument c<\/code> is the character (unsigned char<\/em>) to write, n<\/code> is the number of characters, which must be less than smax<\/code>. The function returns zero upon success, otherwise an error code is returned as defined in its man<\/em> page. The error code is not an errno<\/em> value<\/a>. Unlike the memset()<\/em> function, memset_s()<\/em> isn’t optimized by the compiler.<\/p>\n

Here is an update to the code I wrote last year to test the memset()<\/em> function, but using memset_s()<\/em> instead.<\/p>\n

2022_03_12-Lesson.c<\/a><\/h3>\n
\r\n#include <stdio.h>\r\n#include <string.h>\r\n\r\nint main()\r\n{\r\n    char buffer[BUFSIZ];\r\n\r\n    memset_s(buffer, BUFSIZ, '\\0', BUFSIZ);\r\n    puts(\"Buffer initialized\");\r\n\r\n    return(0);\r\n}<\/pre>\n
The two changes required are first, of course, to change memset()<\/em> to memset_s()<\/em>. The second change is to add the function’s second argument, the buffer size. In this code I use the BUFSIZ<\/code> constant<\/a>, which appears as both the second and fourth arguments.<\/p>\n
Here is the boring sample run:<\/p>\n
Buffer initialized<\/code><\/p>\n
In my older post, I also mentioned the bzero()<\/em> function, which works like memset()<\/em> but always uses the zero value to fill the buffer. The problem with bzero()<\/em> is that it’s non-standard. As I wrote in the original post, it’s still okay to write your own function to initialize a chunk of memory. Especially if your compiler lacks the memset_s()<\/em> function, this is the route I would recommend taking.<\/p>\n
In next week’s Lesson<\/a>, I cover the manual method to initialize a structure to zero.<\/p>\n","protected":false},"excerpt":{"rendered":"
Turns out that this common function could be a security risk. Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-5242","post","type-post","status-publish","format-standard","hentry","category-main"],"_links":{"self":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5242"}],"version-history":[{"count":5,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5242\/revisions"}],"predecessor-version":[{"id":5263,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5242\/revisions\/5263"}],"wp:attachment":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}