secure copy method

Hello. What is the secure method of this?

string s = "jzxlckzjxlckzxj";
char* buf = new char[s.length()];
s.copy(buf, s.length());

Hi m-jansen,
What do you mean by secure?

The above code is not creating a buffer big enough, because it's not including the NULL terminated buffer.

string s = "jzxlckzjxlckzxj";
char* buf = new char[s.size() + 1];
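if (buf) {
   // copy the characters, then terminate explicitly (strncpy does not add the terminator here)
   strncpy(buf, s.c_str(), s.size());
   buf[s.size()] = 0;
}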

David Maisonave (Axter)
m-jansen (Author) commented:
VC8 complains that I'm not using a secure method...
: warning C4996: 'std::basic_string<_Elem,_Traits,_Ax>::copy' was declared deprecated
        C:\Programfiler\Microsoft Visual Studio 8\VC\include\xstring(1642) : see declaration of 'std::basic_string<_Elem,_Traits,_Ax>::copy'
        Message: 'You have used a std:: construct that is not safe. See documentation on how to use the Safe Standard C++ Library'
These types of messages are always there when you use the standard library.

Instead of using the method s.copy(), try s._Copy_s(). Your code will then look something like this:

string s = "jzxlckzjxlckzxj";
char* buf = new char[s.length() ];
s._Copy_s( buf, s.length(), s.length(), 0 );

parameter 1: the destination buffer
parameter 2: size of destination
parameter 3: size of source (I think this is what the parameter is)
parameter 4: offset

Note there is no NULL terminator at the end of the string buf.  So if you print it or something you will get some garbage at the end of your string.

Hope this helps.


If you are stepping into the ANSI string functions, consider using strdup() as a mechanism
to avoid the common "forgot to allocate an extra byte for the NUL terminator" error.

string s = "jzxlckzjxlckzxj";
char* buf = strdup(s.c_str());

However, keep in mind that strdup() uses malloc() rather than new to allocate the memory
for the duplicate, so remember to call free() rather than delete.

Axter, choo_chu,

As experts in the C/C++ TAs, please try to be more accurate in your distinction between NUL and NULL:

NUL       (char)0         // ASCII NUL control code
NULL      (void *)0      // nil pointer

C strings are ASCIIZ strings, an array of non-NUL characters, terminated with a NUL character.
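
The points raised in this thread (destination size passed explicitly, one extra byte for the NUL terminator, no new/malloc mismatch) combined in one place, as an added example that is not code from any of the posters. The helper names copy_bounded and to_owned_cstr are hypothetical, and it uses only the standard library rather than the VC8-specific _Copy_s.

```cpp
#include <cstddef>
#include <cstring>
#include <memory>
#include <string>

// Hypothetical helper: copy `src` into a caller-supplied buffer of dst_size bytes.
// Always NUL-terminates when there is room for at least one byte. Returns the
// number of characters copied (terminator excluded) and sets `truncated` when
// the whole string did not fit.
std::size_t copy_bounded(const std::string& src, char* dst, std::size_t dst_size,
                         bool& truncated) {
    if (dst == nullptr || dst_size == 0) {
        truncated = true;             // not even the terminator could be written
        return 0;
    }
    truncated = false;
    std::size_t n = src.size();
    if (n > dst_size - 1) {           // reserve one byte for the NUL terminator
        n = dst_size - 1;
        truncated = true;
    }
    std::memcpy(dst, src.data(), n);
    dst[n] = '\0';
    return n;
}

// Hypothetical helper: heap copy sized from the string itself. unique_ptr<char[]>
// releases it with delete[], so there is no free()/delete choice to get wrong.
std::unique_ptr<char[]> to_owned_cstr(const std::string& src) {
    std::unique_ptr<char[]> buf(new char[src.size() + 1]);
    bool truncated = false;
    copy_bounded(src, buf.get(), src.size() + 1, truncated);
    return buf;
}

int main() {
    const std::string s = "jzxlckzjxlckzxj";   // string from the question
    std::unique_ptr<char[]> full = to_owned_cstr(s);
    char small[8];                             // deliberately too small
    bool truncated = false;
    std::size_t n = copy_bounded(s, small, sizeof small, truncated);
    // full holds all 15 characters plus NUL; small holds the first 7 plus NUL.
    return (std::strlen(full.get()) == s.size() && n == 7 && truncated) ? 0 : 1;
}
```
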
