strcpy_s to copy a string

Posted on 2006-04-03
Last Modified: 2012-05-05
I've got the following code used to copy a string to a c style string which does not work:

void myFunct(const string *str)
{
    int strLen = str->length() + 1;
    char *strTemp = new char[strLen];
    strcpy_s(strTemp, sizeof(strTemp), str->c_str());
    //do something with strTemp
    delete [] strTemp;
}

The second parameter to strcpy_s, sizeof(strTemp), is too small to hold the incoming str->c_str(). It's only four bytes, I'm assuming because it is a pointer.

I tried changing the sizeof call to use the dereferenced pointer as follows, but that just returns 1 byte:
strcpy_s(strTemp, sizeof(*strTemp), str->c_str());

I could just use strLen as the size of the destination buffer, but it seems that would defeat the security.

What is the correct and secure way to copy a string to a C style string?  Any comments on this method of copying?

Question by:JohnSantaFe

    Accepted Solution

    The size parameter specifies the maximum size of the destination buffer.  It is used to prevent buffer overruns.  In your case, the size of the destination buffer is strLen, not sizeof(strTemp) [which you have correctly deduced is sizeof(pointer)].

    However, since you are explicitly allocating the destination buffer to be the same size as the source string, the additional security is somewhat unnecessary.


    Author Comment


    I see what you mean.  After thinking more about it, this method actually seems more secure than declaring a char that's too large "just in case".
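The size mismatch discussed in this thread, as an added example that is not part of the original posts: the same copy is attempted while claiming sizeof(pointer), sizeof(*pointer), and the allocated length as the destination size. bounded_copy and copy_claiming are hypothetical names; bounded_copy is a portable stand-in that assumes strcpy_s-like checking (strcpy_s is not available on every toolchain) and reports failure through its return value.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-in with strcpy_s-like checking: returns 0 on success,
// nonzero if src plus its terminator does not fit in destSize bytes.
int bounded_copy(char *dest, std::size_t destSize, const char *src)
{
    if (dest == nullptr || destSize == 0) return 1;
    if (src == nullptr) { dest[0] = '\0'; return 1; }
    const std::size_t needed = std::strlen(src) + 1;
    if (needed > destSize) {
        dest[0] = '\0';          // leave an empty string, never a partial copy
        return 1;
    }
    std::memcpy(dest, src, needed);
    return 0;
}

// Allocates length()+1 bytes as in the question, then copies while claiming
// `claimedSize` bytes of capacity. Returns the status of the copy.
int copy_claiming(const std::string &str, std::size_t claimedSize,
                  std::string *out = nullptr)
{
    std::vector<char> buf(str.length() + 1);   // real capacity is buf.size()
    const int rc = bounded_copy(buf.data(), claimedSize, str.c_str());
    if (out) *out = buf.data();
    return rc;
}

int main()
{
    const std::string s = "a string longer than a pointer"; // constructed sample
    char *p = nullptr;
    int viaPointer = copy_claiming(s, sizeof(p));        // sizeof(char*): rejected
    int viaDeref   = copy_claiming(s, sizeof(*p));       // 1 byte: rejected
    int viaAlloc   = copy_claiming(s, s.length() + 1);   // allocated size: succeeds
    return (viaPointer != 0 && viaDeref != 0 && viaAlloc == 0) ? 0 : 1;
}
```

Keeping the buffer in a std::vector<char> means the capacity passed to the copy comes from buf.size() rather than from a separately maintained variable.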

