• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 673
  • Last Modified:

secure copy method

hello. what is the secure method of this ?

string s = "jzxlckzjxlckzxj";
char* buf = new char[s.length()];
s.copy(buf, s.length());
1 Solution
Hi m-jansen,
What do you mean by secure.

The above code is not creating a buffer big enough, because it's not including the NULL terminated buffer.

string s = "jzxlckzjxlckzxj";
char* buf = new char[s.size() + 1];
if (buf)
   strncpy(buf, s.data(), s.size());
   buf[s.size()] = 0;

David Maisonave (Axter)
m-jansenAuthor Commented:
VC8 complains that I'm not using a secure method...
: warning C4996: 'std::basic_string<_Elem,_Traits,_Ax>::copy' was declared deprecated
        C:\Programfiler\Microsoft Visual Studio 8\VC\include\xstring(1642) : see declaration of 'std::basic_string<_Elem,_Traits,_Ax>::copy'
        Message: 'You have used a std:: construct that is not safe. See documentation on how to use the Safe Standard C++ Library'
This type of messages are always there when you use standard library.

Instead of using the method s.copy(), try s._Copy_s(). Your code will then look somthing like this:

string s = "jzxlckzjxlckzxj";
char* buf = new char[s.length() ];
s._Copy_s( buf, s.length(), s.length(), 0 );

parameter 1: the destination buffer
parameter 2: size of destination
parameter 3: size of source ( I think this is what the parameter is)
parameter 4: offset

Note there is no NULL terminator at the end of the string buf.  So if you print it or something you will get some garbage at the end of your string.

Hope this helps.

If you are stepping into the ANSI string functions, consider using strdup() as a mechanism
to avoid the common "forgot to allocate an extra byte for the NUL terminator" error.

string s = "jzxlckzjxlckzxj";
char* buf = strdup(s.c_str());

However, keep in minde that strdup() uses malloc() rather than new to allocate the memory
for the duplicate, so remember to call free() rather than delete.

Axter, choo_chu,

As experts the C/C++ TAs, please try to be more accurate in your distinction between NUL and NULL:

NUL       (char)0         // ASCII NUL control code
NULL      (void *)0      // nil pointer

C strings are ASCIIZ strings, an array of non-NUL characters, terminated with a NUL character.


Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now