Differences between strncpy and strncpy_s
-
I got burned by this once. As you know, the
str_xxx__sfunctions are the secure versions ofstr_xxx_, which check the buffer size to prevent overruns. When porting old code to VS2005 or later, I usually replace all these functions more or less mechanically. However, there strncpy has changed in a way which sometimes breaks code in a puzzling manner. From MSDN documentation strncpychar *strncpy(
char *strDest,
const char *strSource,
size_t count
);The strncpy function copies the initial count characters of strSource to strDest and returns strDest. If count is less than or equal to the length of strSource, a null character is not appended automatically to the copied string. strncpy_s
errno_t strncpy_s(
char *strDest,
size_t numberOfElements,
const char *strSource,
size_t count
);These functions try to copy the first D characters of strSource to strDest, where D is the lesser of count and the length of strSource. If those D characters will fit within strDest (whose size is given as numberOfElements) and still leave room for a null terminator, then those characters are copied and a terminating null is appended; otherwise, strDest[0] is set to the null character and ... Now under ordinary circumstances, this is fine, but in a few cases, the source string was being copied to the middle of the destination (overwriting part of the existing string). The old specification meant that the remaining string is left intact, but with the new secure version, the string gets truncated. Using memcpy instead has fixed the issue (for now, at least, until I can rewrite the spaghetti that I've inherited... X| )
-
I got burned by this once. As you know, the
str_xxx__sfunctions are the secure versions ofstr_xxx_, which check the buffer size to prevent overruns. When porting old code to VS2005 or later, I usually replace all these functions more or less mechanically. However, there strncpy has changed in a way which sometimes breaks code in a puzzling manner. From MSDN documentation strncpychar *strncpy(
char *strDest,
const char *strSource,
size_t count
);The strncpy function copies the initial count characters of strSource to strDest and returns strDest. If count is less than or equal to the length of strSource, a null character is not appended automatically to the copied string. strncpy_s
errno_t strncpy_s(
char *strDest,
size_t numberOfElements,
const char *strSource,
size_t count
);These functions try to copy the first D characters of strSource to strDest, where D is the lesser of count and the length of strSource. If those D characters will fit within strDest (whose size is given as numberOfElements) and still leave room for a null terminator, then those characters are copied and a terminating null is appended; otherwise, strDest[0] is set to the null character and ... Now under ordinary circumstances, this is fine, but in a few cases, the source string was being copied to the middle of the destination (overwriting part of the existing string). The old specification meant that the remaining string is left intact, but with the new secure version, the string gets truncated. Using memcpy instead has fixed the issue (for now, at least, until I can rewrite the spaghetti that I've inherited... X| )