Sign in to follow this  
programmermattc

About strcpy_s

Recommended Posts

It is the size of the destination in bytes where the string is to be written. It is not the size of the source string to be copied.

Share this post


Link to post
Share on other sites
There is no default for this value, because a default would defeat the purpose entirely of having it.

It is the size, in bytes, of the buffer into which you are strcpy()ing: that is, the number of consecutive bytes, starting at the 'dest' pointer, to which the program may safely write. It is your responsibility to determine this value. In the case of a local array, where you pass the array name for the first parameter, you can use the size of the array. (You can also automate this procedure to some extent; consult MSDN for details - but in the non-simple cases, you're still screwed.) In the case of a raw pointer, you have to figure it out somehow. If you don't have the information around, you are screwed. There is no standard way, given just a memory address (which is ALL a char* is, really), to determine whether the memory at that location (and if so, how much) is "safe" to write to. And even if it's "safe" to write to - in the sense that your process allocated it - there's no telling if it is being used to represent some adjacent variable.

This is one of the many, many reasons why sane people use std::string. The alternative is to track the lengths of your allocations. If you get a little smarter about it, you save yourself huge amounts of headaches by creating a struct to "bind" a char* allocation with its allocated-size count. If you get a little smarter still, you save more headaches in other ways... ultimately you reinvent the wheel of std::string.

Share this post


Link to post
Share on other sites
Is strcpy() still used? In C++ Express I'm getting this when I use it:

.\Core_System.cpp(152) : warning C4996: 'strcpy' was declared deprecated

And then:

Message: 'This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_DEPRECATE. See online help for details.'

Share this post


Link to post
Share on other sites
You can still use it. However, you may be running the risk of writing to memory you shouldn't be.

strcpy(char * dest, const char * src) works by copying every character it finds at src into the memory at dest, progressively working down the string until it gets to a zero character (null terminator). If src points to a 200 byte string, and dest points to a 100 byte buffer, your program will go ahead and write 100 bytes past the end of the buffer (very bad).

strcpy_s(char * dest, size_t size, const char * src) works in the same way, except it will never write more than size bytes into the buffer at dest. So, from the previous example, if you call strcpy_s(dest, 100, src), strcpy_s will only copy 100 bytes even if src is a 200 byte string.

Use strcpy_s! You should ALWAYS know how much memory you have allocated in any given buffer - just put that number as the second parameter of strcpy_s.

If you have a choice, use std::string instead of allocating buffers yourself. With std::string, you can do things like:

std::string s;
s = "Wow, I don't have to use strcpy_anything anymore!";
s += " Isn't that great?";

Share this post


Link to post
Share on other sites
Well, you can still use it. It still works. Deprecated means it is still in the library but the compiler is recommending you don't use it since there are security holes in strcpy (due to potential buffer overflows which have been exploited to perform code injection I believe). strcpy_s prevents such overflows.

However, as has been pointed out, unless you have a very good reason for dealing with raw char arrays, you'd be far better off using std::string like everyone else.

Share this post


Link to post
Share on other sites
Quote:
Original post by programmermattc
Is strcpy() still used? In C++ Express I'm getting this when I use it:

.\Core_System.cpp(152) : warning C4996: 'strcpy' was declared deprecated

And then:

Message: 'This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_DEPRECATE. See online help for details.'


You can still strcpy.

If coding in C++ you should use the C++ standard library instead.

If coding in C, you should use strcpy - do not use strcpy_s unless you never, ever want to compile your code on any platform other than Windows and with any compiler apart from Visual C++ 2005.

It is not depracted from the C standard library. Only the standards committee can do that - Microsoft can't.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this