Jump to content
  • Advertisement
Sign in to follow this  
Prog101

sprint warning

This topic is 4021 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

hi guys I keep getting a stupid warning saying sprintf can be unsafe use sprint_s instead, how do i convert sprintf(fileName, "%s.txt", fileLocation); to use sprintf_s instead?

Share this post


Link to post
Share on other sites
Advertisement
sprintf_s's signature:
Quote:

int sprintf_s(
char *buffer,
size_t sizeOfBuffer,
const char *format [,
argument] ...
);
Where sizeOfBuffer is the maximum number of characters to store in the target buffer.

Keep in mind that this isn't portable. If VS is bugging you about it and you wish to stick with the "old" version, define _CRT_SECURE_NO_WARNINGS to get rid of these warnings.

Share this post


Link to post
Share on other sites
I used "#pragma warning(disable: 4996)" to get rid of all the stupid "unsafe... use Func_s instead" warnings

Share this post


Link to post
Share on other sites
All of the *_s routines are Microsoft extensions, so I recommed against
using them if you want portability.

I personally disable it via #pragma if it is being compilied
on MSVC++ EE.

Share this post


Link to post
Share on other sites
Or you could, you know, use a real string type, such as std::string. Assuming C++. If using C: "or you could, you know, use a language with a real string type in its standard library, such as C++." :)

Share this post


Link to post
Share on other sites
Quote:
Original post by Zahlman
Or you could, you know, use a real string type, such as std::string. Assuming C++. If using C: "or you could, you know, use a language with a real string type in its standard library, such as C++." :)

Eh, the *printf functions are IMO far more convenient to use in many cases than the string manipulation operators on std::string or streams (e.g. std::stringstream). So C style strings still have their uses.

One possibility is to just use the _s functions which will be more secure and make you think more about the possibility of a buffer overflow. If/when you port to another platform you can define inline functions for sprintf_s et. al. that forward to the standard function calls and ignore the buffer length parameter.

Share this post


Link to post
Share on other sites
Quote:
Original post by penwan
Quote:
Original post by Zahlman
Or you could, you know, use a real string type, such as std::string. Assuming C++. If using C: "or you could, you know, use a language with a real string type in its standard library, such as C++." :)

Eh, the *printf functions are IMO far more convenient to use in many cases than the string manipulation operators on std::string or streams (e.g. std::stringstream). So C style strings still have their uses.


Yes, because every output statement involving your variable breaking when you change it's type is handy, as is explicitly having to manage all your buffer sizes, and debugging whatever buffer overflows you accidentally put in </sarcasm>.

If you need positional placement, use boost::format. Not only is it type, object, and argument-count safe (unlike the *printf family currently inherited by the Standard C++ Library), but it's also more flexible in that placement than printf itself too.

And of course, by using memory auto-management types, we can avoid a whole slew of possible buffer overflows by never managing those buffers ourselves -- and chancing getting them wrong (which over time changes from a chance into a statistic).

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!