Silence deprecation warnings

[Count-MHM]

Makes PlutoSVG more secure (theoretically) and silences compiler warnings at high settings.

[sammycage]

sprintf_s is not available on Linux and macOS.

[Count-MHM]

Didn't notice this repo was using C99.
After a clean run noticed that there are more warnings generated.
I'm looking for a solution by using compiler definitions to silence warning instead of fixing them.

[sammycage]

Could you share the specific compiler warnings you're seeing? That would help us understand what's being triggered and evaluate the best way to address or silence them.

[Count-MHM]

This is with clang

[build] E:/DEV/C++/Projects/Count-Engine-02/Count/vendor/PlutoSVG/plutovg/source/plutovg-font.c:141:16: warning: 'fopen' is deprecated: This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [-Wdeprecated-declarations]
[build]   141 |     FILE* fp = fopen(filename, "rb");
[build]       |                ^
[build] C:\Program Files (x86)\Windows Kits\10\Include\10.0.26100.0\ucrt\stdio.h:212:20: note: 'fopen' has been explicitly marked deprecated here
[build]   212 |     _Check_return_ _CRT_INSECURE_DEPRECATE(fopen_s)
[build]       |                    ^
[build] C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.44.35207\include\vcruntime.h:368:55: note: expanded from macro '_CRT_INSECURE_DEPRECATE'
[build]   368 |         #define _CRT_INSECURE_DEPRECATE(_Replacement) _CRT_DEPRECATE_TEXT(    \
[build]       |                                                       ^
[build] C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.44.35207\include\vcruntime.h:358:47: note: expanded from macro '_CRT_DEPRECATE_TEXT'
[build]   358 | #define _CRT_DEPRECATE_TEXT(_Text) __declspec(deprecated(_Text))
[build]       |                                               ^
[build] 1 warning generated.
[build] [435/470  88% :: 41.568] Linking CXX static library E:\DEV\C++\Projects\Count-Engine-02\bin\Profile-Windows-Clang\glad\glad.lib
[build] [436/470  88% :: 41.576] Building C object Count/vendor/PlutoSVG/CMakeFiles/plutosvg.dir/source/plutosvg.c.obj
[build] E:/DEV/C++/Projects/Count-Engine-02/Count/vendor/PlutoSVG/source/plutosvg.c:1465:16: warning: 'fopen' is deprecated: This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [-Wdeprecated-declarations]
[build]  1465 |     FILE* fp = fopen(filename, "rb");
[build]       |                ^
[build] C:\Program Files (x86)\Windows Kits\10\Include\10.0.26100.0\ucrt\stdio.h:212:20: note: 'fopen' has been explicitly marked deprecated here
[build]   212 |     _Check_return_ _CRT_INSECURE_DEPRECATE(fopen_s)
[build]       |                    ^
[build] C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.44.35207\include\vcruntime.h:368:55: note: expanded from macro '_CRT_INSECURE_DEPRECATE'
[build]   368 |         #define _CRT_INSECURE_DEPRECATE(_Replacement) _CRT_DEPRECATE_TEXT(    \
[build]       |                                                       ^
[build] C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.44.35207\include\vcruntime.h:358:47: note: expanded from macro '_CRT_DEPRECATE_TEXT'
[build]   358 | #define _CRT_DEPRECATE_TEXT(_Text) __declspec(deprecated(_Text))
[build]       |                                               ^
[build] 1 warning generated.

[Count-MHM]

And with MSVC:

[build] [420/473  84% :: 13.980] Building CXX object Count\CMakeFiles\Count.dir\src\Count\Renderer\FontRasterizer.cpp.obj
[build] E:\DEV\C++\Projects\Count-Engine-02\Count\vendor\PlutoSVG\source\plutosvg-ft.h(152): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
[build] E:\DEV\C++\Projects\Count-Engine-02\Count\vendor\PlutoSVG\source\plutosvg-ft.h(234): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

[sammycage]

We use fopen and sprintf for portability, since fopen_s and sprintf_s are not available on Linux or macOS.

To silence the warning, just add _CRT_SECURE_NO_WARNINGS to your compiler definitions

[Count-MHM]

Wouldn't it be more user-friendly to silence these warning from the library's side?
Adding _CRT_SECURE_NO_WARNINGS to user program would silence warnings for all of user's code, which is not ideal.

[Count-MHM]

And GCC doesn't report any warnings.
These 4 warning are the only warnings produced by this library with high warning settings.

By high warning, I mean -Wall -Wextra -Wpedantic for GCC, and clang and /W4 for MSVC.

[sammycage]

Wouldn't it be more user-friendly to silence these warning from the library's side? Adding _CRT_SECURE_NO_WARNINGS to user program would silence warnings for all of user's code, which is not ideal.

True, that's a fair point. The issue is that I don't have access to a Windows machine, so I don't see these warnings on my side. Fixing it from my end would mean coding blindly, which I try to avoid.

I rely on GitHub Actions to catch platform-specific warnings, and I do my best to address them when I can see what’s going on. If you have a clean way to silence just this warning within the library, feel free to suggest it.

[Count-MHM]

Both clang and MSVC suggest adding the same _CRT_SECURE_NO_WARNINGS definition.
Adding this definition inside an if() in CMake file should fix this, without requiring us of _s functions.
Let me test

[Count-MHM]

Had to add a guarded pragma because sprintf warnings were comming from a header file.
PlutoVG also has a single warning with clang, which can be fixed with this exact same CMake change. I'll submit a PR there.
PlutoVG warning:

[build] E:/DEV/C++/Projects/Count-Engine-02/Count/vendor/PlutoSVG/plutovg/source/plutovg-font.c:141:16: warning: 'fopen' is deprecated: This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [-Wdeprecated-declarations]

[sammycage]

Interesting, I’ll look into it. What are you using PlutoSVG for, by the way? If you’re keen, I’d love to hear more.

[Count-MHM]

Technically MSVC doesn't need _CRT_SECURE_NO_WARNINGS because its warnings are not coming from a source file compiled with PlutoSVG, I added them in case a warning is generated in a future version that requires _CRT_SECURE_NO_WARNINGS to silence.

[Count-MHM]

What are you using PlutoSVG for, by the way? If you’re keen, I’d love to hear more.

Currently, I'm only using it for emoji rendering with FreeType library in my game (engine), I'll probably use it for "real" SVG rendering to be able to use SVG assets in the future.

[sammycage]

What are you using PlutoSVG for, by the way? If you’re keen, I’d love to hear more.

Currently, I'm only using it for emoji rendering with FreeType library in my game (engine), I'll probably use it for "real" SVG rendering to be able to use SVG assets in the future.

Nice, that sounds great. It’s late here, so I’m signing off for now. Bye!

[Count-MHM]

I wasn't able to test this on my side, though.

Note: CMake considers both clang and clang-cl (clang with msvc style arguments) to be "clang" but meson (apparently) differentiates them

[rasky]

Wouldn't be easier to just use snprintf for these cases? That fixes the issue and is C99

[sammycage]

@rasky thanks for your suggestion. snprintf will work just fine, much cleaner than this hack. Would you like to open a PR?

[Count-MHM]

Wouldn't be easier to just use snprintf for these cases? That fixes the issue and is C99

Sadly no, using snprintf will silence MSVC warnings, but clang's fopen will remain.

The only way to silence fopen warnings are using fopen_s which is undesirable as it is C11, or adding a compiler definition.

I don't have any Mac/Hackintosh machines to test macOS builds, and I can't see why macOS build with meson failed. (GitHub doesn't allow me to expand build with meson for some reason)