secure copy method

Posted on 2006-04-20
Last Modified: 2012-08-13
hello. what is the secure method of this ?

string s = "jzxlckzjxlckzxj";
char* buf = new char[s.length()];
s.copy(buf, s.length());
Question by:m-jansen
    LVL 30

    Expert Comment

    Hi m-jansen,
    What do you mean by secure.

    The above code is not creating a buffer big enough, because it's not including the NULL terminated buffer.

    string s = "jzxlckzjxlckzxj";
    char* buf = new char[s.size() + 1];
    if (buf)
       strncpy(buf,, s.size());
       buf[s.size()] = 0;

    David Maisonave (Axter)

    Author Comment

    VC8 complains that I'm not using a secure method...
    : warning C4996: 'std::basic_string<_Elem,_Traits,_Ax>::copy' was declared deprecated
            C:\Programfiler\Microsoft Visual Studio 8\VC\include\xstring(1642) : see declaration of 'std::basic_string<_Elem,_Traits,_Ax>::copy'
            Message: 'You have used a std:: construct that is not safe. See documentation on how to use the Safe Standard C++ Library'
    LVL 12

    Expert Comment

    This type of messages are always there when you use standard library.
    LVL 1

    Accepted Solution


    Instead of using the method s.copy(), try s._Copy_s(). Your code will then look somthing like this:

    string s = "jzxlckzjxlckzxj";
    char* buf = new char[s.length() ];
    s._Copy_s( buf, s.length(), s.length(), 0 );

    parameter 1: the destination buffer
    parameter 2: size of destination
    parameter 3: size of source ( I think this is what the parameter is)
    parameter 4: offset

    Note there is no NULL terminator at the end of the string buf.  So if you print it or something you will get some garbage at the end of your string.

    Hope this helps.

    LVL 23

    Expert Comment

    If you are stepping into the ANSI string functions, consider using strdup() as a mechanism
    to avoid the common "forgot to allocate an extra byte for the NUL terminator" error.

    string s = "jzxlckzjxlckzxj";
    char* buf = strdup(s.c_str());

    However, keep in minde that strdup() uses malloc() rather than new to allocate the memory
    for the duplicate, so remember to call free() rather than delete.

    Axter, choo_chu,

    As experts the C/C++ TAs, please try to be more accurate in your distinction between NUL and NULL:

    NUL       (char)0         // ASCII NUL control code
    NULL      (void *)0      // nil pointer

    C strings are ASCIIZ strings, an array of non-NUL characters, terminated with a NUL character.


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Suggested Solutions

    In days of old, returning something by value from a function in C++ was necessarily avoided because it would, invariably, involve one or even two copies of the object being created and potentially costly calls to a copy-constructor and destructor. A…
    Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
    The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.
    The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now