C Run-time Security (Windows CE 5.0)
C Run-time (CRT) library functions do not ensure security. However, when used properly, the functions pose no security risk.
Many CRT functions are inherently unsafe because they are designed for portability and efficiency, trading safety for speed. In addition, many CRT functions have direct access to the process memory space and do not have safeguards that guarantee execution integrity.
The inherent qualities of CRT functions are not vulnerabilities unless you use the functions improperly.
Best Practices
The following list describes best practices for preventing security threats.
Replace CRT functions in your code with safer variations.
For example, consider using classes that encapsulate memory and have safeguards against invalid behavior. In addition, consider using safe string functions that protect against buffer overruns.
For more information, see Safe String Functions.
Validate all inputs from users or other external sources.
Validate inputs and ensure that they meet appropriate guidelines for size before passing them to CRT functions.
Do not pass NULL pointers to the CRT functions.
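The following added example (not part of the original topic, and not Microsoft code) applies the three practices above to one string copy: it rejects NULL pointers, validates the input length with a bounded search, and checks the size before calling the CRT. It is written in portable standard C as a stand-in for the Safe String Functions; the names checked_copy and copy_status and the sample inputs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum copy_status { COPY_OK, COPY_BAD_ARG, COPY_UNTERMINATED, COPY_NO_SPACE };

/*
 * Copy an externally supplied string into a fixed-size buffer.
 * Replaces the unchecked strcpy(dst, src). src_max is the number of bytes
 * known to be readable at src (e.g. the size of the received record).
 */
enum copy_status checked_copy(char *dst, size_t dst_size,
                              const char *src, size_t src_max)
{
    const char *end;
    size_t len;

    /* Never hand a NULL pointer (or a zero-size buffer) to the CRT. */
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    dst[0] = '\0'; /* every failure path leaves a valid empty string */

    /* Validate the input: bounded terminator search instead of strlen(). */
    end = memchr(src, '\0', src_max);
    if (end == NULL)
        return COPY_UNTERMINATED;
    len = (size_t)(end - src);

    /* Check size before copying; reject instead of silently truncating. */
    if (len >= dst_size)
        return COPY_NO_SPACE;

    memcpy(dst, src, len + 1); /* proven to fit, terminator included */
    return COPY_OK;
}

int main(void)
{
    char name[8];
    /* Constructed sample inputs, not taken from the page. */
    static const char oversized[] = "name-longer-than-buffer";
    int ok = (int)checked_copy(name, sizeof name, "CE5", 4);
    int bad = (int)checked_copy(name, sizeof name, oversized, sizeof oversized);

    printf("fits: %d, oversized: %d\n", ok, bad);
    return 0;
}
```

The helper rejects oversized input rather than truncating it, so a caller cannot mistake a shortened string for the validated original.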
Default Registry Settings
The CRT does not access the registry.
See Also
Microsoft C Run-time Library for Windows CE