2012-05-27, 16:45   #2
LaurV
Romulan Interpreter
 

Quote:
Originally Posted by Dubslow
strcpy_s has a different definition, requiring a third size argument; it's just meant to be a "catch stupid programmer error" thing.
[offtopic]That is totally false. It is meant to catch malicious guys feeding you a malicious string at run time. Have a look at buffer overflow thingies, and plenty of viruses/trojans that exploit it. Classical strcpy will copy a string until a \0 is found. If one is not found, all your memory could be overwritten. As both the string (data) and the code are in memory, if your program does not take special precautions, then I can make a malicious string that will be copied over (overwrite) part of your program. Please make a habit of using "safe" string functions every time you can (that should be 99.99% of the cases). If I know where your string is in memory (easy to find out, search the common buffers for ASCII characters) then I can replace the \0 and your program goes in the woods.[/offtopic]
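The size-checked copy that the third argument makes possible, as an added example that is not part of the original post or either poster's code. `copy_checked`, `try_copy` and `struct record` are hypothetical names; the helper only models the strcpy_s contract, since strcpy_s itself belongs to the optional C11 Annex K and many C libraries do not ship it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper modelled on the strcpy_s contract: the caller passes
 * the destination size, and a source that does not fit (or has no '\0'
 * within that many bytes) is rejected instead of overrunning dst. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t len = 0;
    if (dst == NULL || dstsz == 0)
        return -1;
    /* Look at no more than dstsz bytes of src while searching for '\0'. */
    while (src != NULL && len < dstsz && src[len] != '\0')
        len++;
    if (src == NULL || len == dstsz) {
        dst[0] = '\0';            /* fail closed: dst is a valid empty string */
        return -1;
    }
    memcpy(dst, src, len + 1);    /* len + 1 <= dstsz, terminator included */
    return 0;
}

/* Constructed layout: a guard field sits right after the 8-byte buffer. */
struct record {
    char name[8];
    unsigned guard;
};

/* Returns the copy status; *guard_ok reports whether the guard survived. */
int try_copy(const char *src, char *out, int *guard_ok)
{
    struct record r = { "", 0xC0FFEEu };
    int rc = copy_checked(r.name, sizeof r.name, src);
    memcpy(out, r.name, sizeof r.name);
    *guard_ok = (r.guard == 0xC0FFEEu);
    return rc;
}

int main(void)
{
    char raw[16], out[8];
    int ok, rc;
    memset(raw, 'A', sizeof raw);     /* constructed input with no '\0' */
    rc = try_copy(raw, out, &ok);
    printf("unterminated source: rc=%d guard_ok=%d\n", rc, ok);
    return 0;
}
```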