2012-05-27, 16:45   #2
LaurV
Romulan Interpreter
Jun 2011

Originally Posted by Dubslow
strcpy_s has a different definition, requiring a third size argument; it's just meant to be a "catch stupid programmer error" thing.
[offtopic]That is totally false. It is meant to catch malicious guys feeding you with a malicious string at run time. Have a look at buffer overflow thingies, and plenty of viruses/trojans that exploit it. Classical strcpy will copy a string till a \0 is found. If there is not one found, all your memory could be overwritten. As both the string (data) and the code are in the memory, if your program does not take special precautions, then I can make a malicious string that will be copied over (overwrite) part of your program. Please make a habit of using "safe" string functions every time you can (that should be 99.99% of the cases). If I know where your string is in memory (easy to find out, search the common buffers for ASCII characters) then I can replace the \0 and your program goes in the woods.[/offtopic]
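The size argument discussed in the post above, shown as an added example that is not part of the original thread: `bounded_copy`, `struct record` and the sample inputs are hypothetical names constructed here, modelled on the contract of `strcpy_s` (which is an optional C11 Annex K function and is not provided by glibc). The helper never reads or writes more than the destination size, so an oversized or unterminated source is rejected instead of spilling into the neighbouring field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum copy_status { COPY_OK = 0, COPY_BAD_ARG, COPY_TOO_LONG };

/* Hypothetical helper (not a standard function): copy src into dst only if
 * the string and its terminator fit in dst_size bytes. On failure dst is
 * left as an empty string, the same outcome strcpy_s specifies. */
static enum copy_status bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    if (src == NULL) {
        dst[0] = '\0';
        return COPY_BAD_ARG;
    }
    /* Look for the terminator in at most dst_size bytes of src, so a source
     * with no \0 is never scanned past the size of the destination. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);   /* string plus its \0 */
    return COPY_OK;
}

/* Constructed layout: an 8-byte buffer followed by a field that an
 * unbounded strcpy would overwrite when the input is too long. */
struct record {
    char name[8];
    unsigned guard;
};

/* Reset the record, then copy input into it with the bounded helper. */
static enum copy_status try_copy(const char *input, struct record *r)
{
    memset(r->name, 'x', sizeof r->name);
    r->guard = 0xC0FFEEu;
    return bounded_copy(r->name, sizeof r->name, input);
}

int main(void)
{
    /* Constructed sample inputs: two that fit, two that do not. */
    const char *inputs[] = { "LaurV", "seven77", "exactly8", "far longer than eight bytes" };
    struct record r;
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        enum copy_status rc = try_copy(inputs[i], &r);
        printf("%-28s status=%d name=\"%s\" guard=%#x\n", inputs[i], (int)rc, r.name, r.guard);
    }
    return 0;
}
```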