On Thu, Jul 19, 2018 at 09:08:08PM -0400, Jeff King wrote: > Contrast this with memcpy(). This is on Microsoft's SDL banned list[1], > but I think it's silly for it to be. I would never add it to this list. I forgot my footnote, which was going to be: I'm bringing up that list not because I think it's necessarily a good list, but because it's _a_ list. And as I was recently subjected to an audit that referenced it, I've been thinking a lot about ban-lists and whether they are useful (and specifically for which functions). It's at https://msdn.microsoft.com/en-us/library/bb288454.aspx if you're curious, but again, that is absolutely not the ban-list I am working towards. To what I posted already, I'd probably add strcat() and vsprintf() based on discussions here, and then call it done. -Peff