Windows C++ Safe String Functions
Internationalization (I18n) Issue:
Even in non-internationalized applications, poor char buffer handling often results in buffer overruns. Once an application starts to handle Unicode data, these problems multiply. Microsoft in strsafe.h has defined new string handling calls that should be used in place of standard ANSI and even Microsoft calls.
I18n Solution:
The new calls defined in strsafe.h provide additional processing for proper buffer handling. strsafe.h may be obtained by downloading the Windows Core software development kit (SDK) from the SDK Update Site.
I18n Discussion:
The advantages of the Strsafe functions include:
The size of the destination buffer is always provided to the function to ensure that the function does not write past the end of the buffer.
Buffers are guaranteed to be null-terminated, even if the operation truncates the intended result.
All functions return an HRESULT, with only one possible success code (S_OK).
Each function is available in a corresponding character count (cch) or byte count (cb) version.
Most functions have an extended ("Ex") version available for advanced functionality.
Using Safe String Functions for Multibyte String Operations
Although the safe string functions can be used with multibyte strings (where the _MBCS compiler flag is set), there is a difference between a multibyte
function that operates on multibyte character lengths and the corresponding safe string function, which
operates on single-byte character lengths. As an example:
char *str = "\340\100"; // 2-byte character from code page 932
int len = _mbslen((unsigned char *)str);
The return from the call to _mbslen is 1 , since this is one multibyte character.
The safe string function replacement would be to use StringCchLength or
StringCbLength :
LPTSTR str = _T("\340\100"); // 2-byte character from code page 932
size_t len;
HRESULT hres = StringCchLength(str, sizeof(str)/sizeof(TCHAR), &len);
Upon return from StringCchLength , len will be 2 , since str has
two single-byte characters that make up the multibyte character. In addition, the second
parameter should be in the number of either single-byte or wide characters: dividing by the size
of TCHAR , which will be 2 in the case of a UTF-16 Unicode build (where the _UNICODE compiler flag
is set), ensures the correct size.
Recommended Replacements
Microsoft's strsafe calls and the calls that they replace are listed below. These tables were copied directly from the MSDN site.
strsafe.h character count functions
The following functions use a character count rather than a byte count.
strsafe.h function | Replaces |
StringCchCat, StringCchCatEx | strcat, wcscat, lstrcat, strcat, StrCatBuff, _tcscat, _ftcscat |
StringCchCatN, StringCchCatNEx | strncat, StrNCat |
StringCchCopy, StringCchCopyEx | strcpy, wcscpy, lstrcpy, strcpy, _tcscpy, _ftcscpy |
StringCchCopyN, StringCchCopyNEx | strncpy |
StringCchGets, StringCchGetsEx | gets, _getws, _getts |
StringCchPrintf, StringCchPrintfEx | sprintf, swprintf, wsprintf, wnsprintf, _stprintf, _snprintf, _snwprintf, _sntprintf |
StringCchVPrintf, StringCchVPrintfEx | vsprintf, vswprintf, wvsprintf, wvnsprintf, _vstprintf, _vsnprintf, _vsnwprintf, _vsntprintf |
StringCchLength | strlen, lstrlen |
strsafe.h byte count functions
The following functions use a byte count rather than a character count.
strsafe.h function | Replaces |
StringCbCat, StringCbCatEx | strcat, wcscat, lstrcat, strcat, StrCatBuff, _tcscat, _ftcscat |
StringCbCatN, StringCbCatNEx | strncat, StrNCat |
StringCbCopy, StringCbCopyEx | strcpy, wcscpy, lstrcpy, strcpy, _tcscpy, _ftcscpy |
StringCbCopyN, StringCbCopyNEx | strncpy |
StringCbGets, StringCbGetsEx | gets, _getws, _getts |
StringCbPrintf, StringCbPrintfEx | sprintf, swprintf, wsprintf, wnsprintf, _stprintf, _snprintf, _snwprintf, _sntprintf |
StringCbVPrintf, StringCbVPrintfEx | vsprintf, vswprintf, wvsprintf, wvnsprintf, _vstprintf, _vsnprintf, _vsnwprintf, _vsntprintf |
StringCbLength | strlen, lstrlen |
Locale-Sensitive C++ Methods
|