title | description | ms.date | f1_keywords | helpviewer_keywords | ms.assetid |
---|---|---|---|---|---|
Compiler Warning (level 3) C4996 |
Explains why Compiler warning C4996 happens, and describes what to do about it. |
08/30/2022 |
C4996 |
C4996 |
926c7cc2-921d-43ed-ae75-634f560dd317 |
Your code uses a function, class member, variable, or typedef that’s marked deprecated. Symbols are deprecated by using a __declspec(deprecated)
modifier, or the C++14 [[deprecated]]
attribute. The actual C4996 warning message is specified by the deprecated
modifier or attribute of the declaration.
[!IMPORTANT]
This warning is always a deliberate message from the author of the header file that declares the symbol. Don’t use the deprecated symbol without understanding the consequences.
Remarks
Many functions, member functions, function templates, and global variables in Visual Studio libraries are deprecated. Some, such as POSIX and Microsoft-specific functions, are deprecated because they now have a different preferred name. Some C runtime library functions are deprecated because they’re insecure and have a more secure variant. Others are deprecated because they’re obsolete. The deprecation messages usually include a suggested replacement for the deprecated function or global variable.
The /sdl
(Enable Additional Security Checks) compiler option elevates this warning to an error.
Turn off the warning
To fix a C4996 issue, we usually recommend you change your code. Use the suggested functions and global variables instead. If you need to use the existing functions or variables for portability reasons, you can turn off the warning.
Turn off the warning for a specific line of code
To turn off the warning for a specific line of code, use the warning
pragma, #pragma warning(suppress : 4996)
.
Turn off the warning within a file
To turn off the warning within a file for everything that follows, use the warning pragma, #pragma warning(disable : 4996)
.
Turn off the warning in command-line builds
To turn off the warning globally in command-line builds, use the /wd4996
command-line option.
Turn off the warning for a project in Visual Studio
To turn off the warning for an entire project in the Visual Studio IDE:
-
Open the Property Pages dialog for your project. For information on how to use the Property Pages dialog, see Property Pages.
-
Select the Configuration Properties > C/C++ > Advanced property page.
-
Edit the Disable Specific Warnings property to add
4996
. Choose OK to apply your changes.
Disable the warning using preprocessor macros
You can also use preprocessor macros to turn off certain specific classes of deprecation warnings used in the libraries. These macros are described below.
To define a preprocessor macro in Visual Studio:
-
Open the Property Pages dialog for your project. For information on how to use the Property Pages dialog, see Property Pages.
-
Expand Configuration Properties > C/C++ > Preprocessor.
-
In the Preprocessor Definitions property, add the macro name. Choose OK to save, and then rebuild your project.
To define a macro only in specific source files, add a line such as #define EXAMPLE_MACRO_NAME
before any line that includes a header file.
Here are some of the common sources of C4996 warnings and errors:
POSIX function names
The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name:
new-name.
See online help for details.
Microsoft renamed some POSIX and Microsoft-specific library functions in the CRT to conform with C99 and C++03 constraints on reserved and global implementation-defined names. Only the names are deprecated, not the functions themselves. In most cases, a leading underscore was added to the function name to create a conforming name. The compiler issues a deprecation warning for the original function name, and suggests the preferred name.
To fix this issue, we usually recommend you change your code to use the suggested function names instead. However, the updated names are Microsoft-specific. If you need to use the existing function names for portability reasons, you can turn off these warnings. The functions are still available in the library under their original names.
To turn off deprecation warnings for these functions, define the preprocessor macro _CRT_NONSTDC_NO_WARNINGS
. You can define this macro at the command line by including the option /D_CRT_NONSTDC_NO_WARNINGS
.
Unsafe CRT Library functions
This function or variable may be unsafe. Consider using
safe-version
instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
Microsoft deprecated some CRT and C++ Standard Library functions and globals because more secure versions are available. Most of the deprecated functions allow unchecked read or write access to buffers. Their misuse can lead to serious security issues. The compiler issues a deprecation warning for these functions, and suggests the preferred function.
To fix this issue, we recommend you use the function or variable safe-version
instead. Sometimes you can’t, for portability or backwards compatibility reasons. Carefully verify it’s not possible for a buffer overwrite or overread to occur in your code. Then, you can turn off the warning.
To turn off deprecation warnings for these functions in the CRT, define _CRT_SECURE_NO_WARNINGS
.
To turn off warnings about deprecated global variables, define _CRT_SECURE_NO_WARNINGS_GLOBALS
.
For more information about these deprecated functions and globals, see Security Features in the CRT and Safe Libraries: C++ Standard Library.
Unsafe Standard Library functions
'std::
function_name
::_Unchecked_iterators::_Deprecate' Call to std::
function_name
with parameters that may be unsafe - this call relies on the caller to check that the passed values are correct. To disable this warning, use -D_SCL_SECURE_NO_WARNINGS. See documentation on how to use Visual C++ 'Checked Iterators'
In Visual Studio 2015, this warning appears in debug builds because certain C++ Standard Library function templates don’t check parameters for correctness. Often it’s because not enough information is available to the function to check container bounds. Or, because iterators may be used incorrectly with the function. This warning helps you identify these functions, because they may be a source of serious security holes in your program. For more information, see Checked iterators.
For example, this warning appears in Debug mode if you pass an element pointer to std::copy
, instead of a plain array. To fix this issue, use an appropriately declared array, so the library can check the array extents and do bounds checking.
// C4996_copyarray.cpp // compile with: cl /c /W4 /D_DEBUG C4996_copyarray.cpp #include <algorithm> void example(char const * const src) { char dest[1234]; char * pdest3 = dest + 3; std::copy(src, src + 42, pdest3); // C4996 std::copy(src, src + 42, dest); // OK, copy can tell that dest is 1234 elements }
Several standard library algorithms were updated to have «dual range» versions in C++14. If you use the dual range versions, the second range provides the necessary bounds checking:
// C4996_containers.cpp // compile with: cl /c /W4 /D_DEBUG C4996_containers.cpp #include <algorithm> bool example( char const * const left, const size_t leftSize, char const * const right, const size_t rightSize) { bool result = false; result = std::equal(left, left + leftSize, right); // C4996 // To fix, try this form instead: // result = std::equal(left, left + leftSize, right, right + rightSize); // OK return result; }
This example demonstrates several more ways the standard library may be used to check iterator usage, and when unchecked usage may be dangerous:
// C4996_standard.cpp // compile with: cl /EHsc /W4 /MDd C4996_standard.cpp #include <algorithm> #include <array> #include <iostream> #include <iterator> #include <numeric> #include <string> #include <vector> using namespace std; template <typename C> void print(const string& s, const C& c) { cout << s; for (const auto& e : c) { cout << e << " "; } cout << endl; } int main() { vector<int> v(16); iota(v.begin(), v.end(), 0); print("v: ", v); // OK: vector::iterator is checked in debug mode // (i.e. an overrun triggers a debug assertion) vector<int> v2(16); transform(v.begin(), v.end(), v2.begin(), [](int n) { return n * 2; }); print("v2: ", v2); // OK: back_insert_iterator is marked as checked in debug mode // (i.e. an overrun is impossible) vector<int> v3; transform(v.begin(), v.end(), back_inserter(v3), [](int n) { return n * 3; }); print("v3: ", v3); // OK: array::iterator is checked in debug mode // (i.e. an overrun triggers a debug assertion) array<int, 16> a4; transform(v.begin(), v.end(), a4.begin(), [](int n) { return n * 4; }); print("a4: ", a4); // OK: Raw arrays are checked in debug mode // (i.e. an overrun triggers a debug assertion) // NOTE: This applies only when raw arrays are // given to C++ Standard Library algorithms! int a5[16]; transform(v.begin(), v.end(), a5, [](int n) { return n * 5; }); print("a5: ", a5); // WARNING C4996: Pointers cannot be checked in debug mode // (i.e. an overrun triggers undefined behavior) int a6[16]; int * p6 = a6; transform(v.begin(), v.end(), p6, [](int n) { return n * 6; }); print("a6: ", a6); // OK: stdext::checked_array_iterator is checked in debug mode // (i.e. an overrun triggers a debug assertion) int a7[16]; int * p7 = a7; transform(v.begin(), v.end(), stdext::make_checked_array_iterator(p7, 16), [](int n) { return n * 7; }); print("a7: ", a7); // WARNING SILENCED: stdext::unchecked_array_iterator // is marked as checked in debug mode, but it performs no checking, // so an overrun triggers undefined behavior int a8[16]; int * p8 = a8; transform( v.begin(), v.end(), stdext::make_unchecked_array_iterator(p8), [](int n) { return n * 8; }); print("a8: ", a8); }
If you’ve verified that your code can’t have a buffer-overrun error, you can turn off this warning. To turn off warnings for these functions, define _SCL_SECURE_NO_WARNINGS
.
Checked iterators enabled
C4996 can also occur if you don’t use a checked iterator when _ITERATOR_DEBUG_LEVEL
is defined as 1 or 2. It’s set to 2 by default for debug mode builds, and to 0 for retail builds. For more information, see Checked iterators.
// C4996_checked.cpp // compile with: /EHsc /W4 /MDd C4996_checked.cpp #define _ITERATOR_DEBUG_LEVEL 2 #include <algorithm> #include <iterator> using namespace std; using namespace stdext; int main() { int a[] = { 1, 2, 3 }; int b[] = { 10, 11, 12 }; copy(a, a + 3, b + 1); // C4996 // try the following line instead: // copy(a, a + 3, checked_array_iterator<int *>(b, 3)); // OK }
Unsafe MFC or ATL code
C4996 can occur if you use MFC or ATL functions that were deprecated for security reasons.
To fix this issue, we strongly recommend you change your code to use updated functions instead.
For information on how to suppress these warnings, see _AFX_SECURE_NO_WARNINGS
.
Obsolete CRT functions and variables
This function or variable has been superseded by newer library or operating system functionality. Consider using
new_item
instead. See online help for details.
Some library functions and global variables are deprecated as obsolete. These functions and variables may be removed in a future version of the library. The compiler issues a deprecation warning for these items, and suggests the preferred alternative.
To fix this issue, we recommend you change your code to use the suggested function or variable.
To turn off deprecation warnings for these items, define _CRT_OBSOLETE_NO_WARNINGS
. For more information, see the documentation for the deprecated function or variable.
Marshaling errors in CLR code
C4996 can also occur when you use the CLR marshaling library. In this case, C4996 is an error, not a warning. The error occurs when you use marshal_as
to convert between two data types that require a marshal_context
Class. You can also receive this error when the marshaling library doesn’t support a conversion. For more information about the marshaling library, see Overview of marshaling in C++.
This example generates C4996 because the marshaling library requires a context to convert from a System::String
to a const char *
.
// C4996_Marshal.cpp // compile with: /clr // C4996 expected #include <stdlib.h> #include <string.h> #include <msclrmarshal.h> using namespace System; using namespace msclr::interop; int main() { String^ message = gcnew String("Test String to Marshal"); const char* result; result = marshal_as<const char*>( message ); return 0; }
Example: User-defined deprecated function
You can use the deprecated
attribute in your own code to warn callers when you no longer recommend use of certain functions. In this example, C4996 is generated in two places: One for the line the deprecated function is declared on, and one for the line where the function is used.
// C4996.cpp // compile with: /W3 // C4996 warning expected #include <stdio.h> // #pragma warning(disable : 4996) void func1(void) { printf_s("nIn func1"); } [[deprecated]] void func1(int) { printf_s("nIn func2"); } int main() { func1(); func1(1); // C4996 }
In previous versions of Visual Studio using functions like _sleep or strncpy just outputs a warning. In the latest version, it’s suddenly an error:
error C4996: ‘_sleep’: This function or variable has been superseded
by newer library or operating system functionality. Consider using
Sleep instead. See online help for details.
I know I can disable it by adding #pragma warning(disable: 4996)
in the beginning of the code, but it’s extremely annoying that VS is trying to force me to use other functions. Is there any way to disable this behavior?
Before you ask, «Treat Warnings As Errors» is disabled, and it errors even if I turn off all warnings!
anastaciu
23.3k7 gold badges28 silver badges53 bronze badges
asked Dec 7, 2013 at 23:39
3
Apparently new projects enable «SDK check» by default now, which treats these warnings as errors. To disable it, go to project properties -> Configuration Properties -> C/C++ -> General -> SDL checks -> No.
answered Dec 7, 2013 at 23:45
NikolaiNikolai
2,9933 gold badges24 silver badges33 bronze badges
2
enter at the beginning of the program:
#pragma warning(disable : 4996)
and that’s it.
answered Feb 27, 2018 at 19:16
Nitay DereiNitay Derei
1632 silver badges9 bronze badges
1
You can also disable specific warning numbers in C/C++ > Advanced > Disable Specific Warnings.
answered Jun 17, 2014 at 15:57
Peter TsengPeter Tseng
13.5k3 gold badges66 silver badges57 bronze badges
Just to add to this, _CRT_NONSTDC_NO_DEPRECATE
worked for me in VS2019. _CRT_SECURE_NO_WARNINGS
alone did not clear this for me (I have both defined).
Similar to the other answers, this may be added by right-clicking the project in Solution Explorer, Then going to Properties->Configuration Properties->C/C++->Preprocessor->Preprocessor Definitions->Edit… then adding the line _CRT_NONSTDC_NO_DEPRECATE
.
answered Jul 4, 2020 at 0:16
Project ->project_name properties -> Configuration Properties -> C/C++ -> Preprocessor -> Preprocessor Definitions -> Edit… add line _CRT_SECURE_NO_WARNINGS
answered Jan 5, 2017 at 20:47
Adam G.Adam G.
811 silver badge10 bronze badges
Every scanf
gets an error of C4996, use scanf_s instead.
I read every similar post about this issue and I know I can solve this issue with #pragma warning(disable : 4996)
, but what I want to ask is I was using vstudio before and it never happened to me before. I can compile without problem in CodeBlocks or DevC++ but why exactly is this happening and if I disable warnings, would that affect my code in any way?
- c
- visual-studio
- compiler-errors
- deprecation-warning
melpomene
83.7k8 gold badges84 silver badges147 bronze badges
asked Sep 2, 2018 at 9:53
10
-
Does it not tell you what is deprecated?
Sep 2, 2018 at 9:55
-
Your probably not using the same compiler. CodeBlocks usually defaults to GCC. Visual Studio will default to MSVC. Never use Dev C++ for anything.
Sep 2, 2018 at 9:58
-
Doesn’t matter what I use it for,every scanf gets an error of C4996, use scanf_s instead.
Sep 2, 2018 at 10:00
-
@Ischys That’s kind of the most important part of your question. I edited it in.
Sep 2, 2018 at 10:07
-
MSVC has a set of «safe» functions like
scanf_s
and its just forcing you to use their non standard functions instead of the standard onesSep 2, 2018 at 10:08
Load 7 more related questions
Show fewer related questions
При компиляции такого кода
#include <iostream>
#define _CRT_SECURE_NO_WARNINGS
using namespace std;
int main() {
const int maxSymbols = 15;
char* word1 = new char[maxSymbols];
char* word2 = new char[maxSymbols];
cout << "Enter five words : ";
cin >> word1;
cin >> word2;
cout << endl << strcat(word1, word2);
}
Появляется ошибка C4996 ‘strcat’: This function or variable may be unsafe. Consider using strcat_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
После появления этой ошибки в начале дописал #define _CRT_SECURE_NO_WARNINGS
но это ничего не изменило.
Помогите пожалуйста.
-
Вопрос заданболее двух лет назад
-
1661 просмотр
Пригласить эксперта
Попробуйте ввести более 10 символов в word1 и word2 и у вас программа непредсказуемо упадёт.
Если использовать strcat_s, то она проверит граничные условия и выдаст ошибку, если они не выполняются.
Для использования strcat_s нужно немного переписать программу — обработать ошибку и знать размер первого буфера.
Данил Васькевич, прикинь, блин! Или как компилятор советует вместо strcat использовать strcat_s, или указать дифайн _CRT_SECURE_NO_WARNINGS (в Visual Studio его можно указать в свойствах проекта, глобально). Ну лучше всё же не пользоваться небезопасными функциями, а перейти на функции с суфиксом _s везде где только возможно, а не только в этом случае. Дифайн _CRT_SECURE_NO_WARNINGS это плохое решение, подходит на «только сейчас и для старого кода чтобы поддерживался», а новый код не надо на него расчитывать, надо пользоваться безопасными функциями.
-
Показать ещё
Загружается…
05 июн. 2023, в 15:40
2000 руб./за проект
05 июн. 2023, в 15:13
2000 руб./в час
05 июн. 2023, в 15:02
7000 руб./за проект
Минуточку внимания
Gusev 0 / 0 / 0 Регистрация: 04.12.2014 Сообщений: 10 |
||||
1 |
||||
29.01.2015, 21:33. Показов 33909. Ответов 15 Метки нет (Все метки)
Здравствуйте, у меня показывать ошибку C4996: ‘fopen’. помогите исправить.
0 |
zss Модератор 13252 / 10391 / 6213 Регистрация: 18.12.2011 Сообщений: 27,793 |
||||
29.01.2015, 21:39 |
2 |
|||
2 |
7533 / 6396 / 2916 Регистрация: 14.04.2014 Сообщений: 27,855 |
|
29.01.2015, 21:41 |
3 |
<cstdio> подключи.
0 |
1500 / 1146 / 165 Регистрация: 05.12.2011 Сообщений: 2,279 |
|
29.01.2015, 21:41 |
4 |
вообще нужно полный текст ошибок/предупреждений приводить.
0 |
0 / 0 / 0 Регистрация: 04.12.2014 Сообщений: 10 |
|
29.01.2015, 21:43 [ТС] |
5 |
#pragma warning(disable:4996) и <cstdio> не помогли, как и #define _CRT_SECURE_NO_WARNINGS. а если fopen заменить на fopen_s, то пишет, что fopen_s не может принимать два значения. Добавлено через 1 минуту
0 |
1500 / 1146 / 165 Регистрация: 05.12.2011 Сообщений: 2,279 |
|
29.01.2015, 21:43 |
6 |
наверно потому, что оно принимает три: _CRT_SECURE_NO_WARNINGS — вот это вы где задефайнили? надо чтобы перед инклудом это было.
0 |
7533 / 6396 / 2916 Регистрация: 14.04.2014 Сообщений: 27,855 |
|
29.01.2015, 21:45 |
7 |
В свойствах проекта уровень предупреждений поменяй.
1 |
0 / 0 / 0 Регистрация: 04.12.2014 Сообщений: 10 |
|
29.01.2015, 21:47 [ТС] |
8 |
DU2, так я и перед инклудами писал, выдает еще одну ошибку warning C4603: ‘_CRT_SECURE_NO_WARNINGS’ : macro is not defined or definition is different after precompiled header use
0 |
DU 1500 / 1146 / 165 Регистрация: 05.12.2011 Сообщений: 2,279 |
||||
29.01.2015, 21:49 |
9 |
|||
так? если так и все равно проблемы — тогда хз.
1 |
0 / 0 / 0 Регистрация: 04.12.2014 Сообщений: 10 |
|
29.01.2015, 22:06 [ТС] |
10 |
nmcf, а как это сделать? у меня английская версия, плохо понимаю. Добавлено через 15 минут
0 |
7533 / 6396 / 2916 Регистрация: 14.04.2014 Сообщений: 27,855 |
|
29.01.2015, 22:26 |
11 |
В разделе C/C++ — обрабатывать предупреждения как ошибки — Нет.
0 |
1500 / 1146 / 165 Регистрация: 05.12.2011 Сообщений: 2,279 |
|
29.01.2015, 22:38 |
12 |
какая у вас студия?
0 |
0 / 0 / 0 Регистрация: 04.12.2014 Сообщений: 10 |
|
29.01.2015, 22:46 [ТС] |
13 |
0 |
1500 / 1146 / 165 Регистрация: 05.12.2011 Сообщений: 2,279 |
|
29.01.2015, 23:01 |
14 |
Сообщение было отмечено Gusev как решение Решение В свойствах:
3 |
0 / 0 / 0 Регистрация: 04.12.2014 Сообщений: 10 |
|
29.01.2015, 23:19 [ТС] |
15 |
а теперь выводит вот это http://rghost.ru/8J7k4jhT5 Добавлено через 3 минуты
0 |
1500 / 1146 / 165 Регистрация: 05.12.2011 Сообщений: 2,279 |
|
30.01.2015, 00:03 |
16 |
это у вас рантайм ошибка. глюк в коде, а не в студии.
0 |