The StringCbCopy function is used to copy strings, and provides the size of the target buffer as a parameter to prevent security issues such as buffer overflow.
This function can be used to replace the use of the following functions:
strcpy, wcscpy, _tcscpy,lstrcpy,StrCpy
The prototype of the StringCbCopy function is as follows:
HRESULT StringCbCopy(
__out LPTSTR pszDest, // destination string buffer
__in size_t cbDest, // Destination buffer size ( bytes ), this value must consider the size of pszSrc plus the null terminator '/0';
__in LPCTSTR pszSrc // Source string buffer, must end with '/0 '
);
The function return value is as follows (it is strongly recommended to use the SUCCEEDED and FAILED macros to test the return value):
S_OK // Everything is OK
STRSAFE_E_INVALID_PARAMETER // The size of the value in the destination buffer is either 0 or larger than the maximum allowed value
STRSAFE_E_INSUFFICIENT_BUFFER // The size of the target buffer is not enough, the data is truncated;
// When data truncation is allowed, this is not an error
The StringCbCopy function automatically calls different functions according to the incoming string parameter type:
// String type string instance automatically called function
char"ASCE"StringCbCopyA
TCHAR TEXT("ASCE") StringCbCopy
WCHAR L"ASCE" StringCbCopyW
There is also a similar function StringCchCopy, the only difference between it and the above two functions is that the StringCchCopy function counts the number of characters, while the StringCbCopy function counts the number of bytes.
(ch means character; b means byte), the prototypes of these two functions are as follows:
HRESULT StringCchCopy(
__out LPTSTR pszDest,
__in size_t cchDest, // The size of pszDest ( number of characters )
__in LPCTSTR pszSrc
);
Usage example:
Get the current directory. Before using the strSafe series of functions, the classic usage is:
voidUnsafeFunc(LPTSTR szPath,DWORD cchPath) {
TCHAR szCWD[MAX_PATH];
GetCurrentDirectory(ARRAYSIZE(szCWD), szCWD);
strncpy (szPath, szCWD, cchPath); //The return value is not checked
strncat(szPath, TEXT("//"), cchPath);
strncat(szPath, TEXT("asce.ini"),cchPath);
}
After using the strSafe series of functions, the safety of string processing is improved:
boolSaferFunc(LPTSTR szPath,DWORD cchPath) {
TCHAR szCWD[MAX_PATH];
if (GetCurrentDirectory(ARRAYSIZE(szCWD), szCWD) &&
SUCCEEDED(StringCchCopy(szPath, cchPath, szCWD)) &&
SUCCEEDED(StringCchCat(szPath, cchPath, TEXT("//"))) &&
SUCCEEDED(StringCchCat(szPath, cchPath, TEXT("asce.ini")))) {
return true;
}
return false;
}