Question about C++ char Pointer

Hot Topic

cant find file?
Why no single-threaded support in compiler options? This breaks the /Za switch...
build solution every time
Please delete this post.
executing windows commands from vc++(eg: net user)
Converting from 'int' to 'string' to use AppendText
Changed the COM signatures....using ildasm.....
how to stop an application like a messagebox does
help! vs 2005 runtime lib
Accessing textbox's Text from outside Form class? Possible?

Visual C++

Linking-Error with VSC++ 8.0
How to install a Debugger Visualizer for a C++ object in Visual Studio 2005?
error LNK2005: "void __cdecl bp5(void)" (?bp5@@YAXXZ) already defined in test.obj
byte array to char array
MFC and WebBrowser control
Going from VC++ 6 Pro to VC++ 2005 Pro
Visual Studio 2005 CMenu Windows 2003 Style
error PRJ0019: A tool returned an error code from "Building final directory..." VS2k3
Dialog boxes... Can't work it out... Plz help me???
How do I compile in VS 2005 Express?

Question about C++ char Pointer

  When I use VC++ 6.0(with SP5.0) like this:

  char temp[2];

  memset(temp,0,sizeof(temp));

  strcpy(temp,"This is a test\0");

  MessageBox(0,temp,temp,MB_OK);

 

The result in temp[2] is "This is a test".There is only two bytes of memory,why can copy more than 2 bytes char



Answer this question

Question about C++ char Pointer

  • TonMekking

    Internally, code and data are in separate memory location. If your application is as tiny as that, then the compiler will align the data in 32-bit boundaries, so I think the over-written data when you called strcpy or memcpy are just garbage. But it's not always the case, better to declare exact buffer based on how much memory do you need to prevent any unexpected errors in the future.

    Regards,

    -chris

  • joybridge

    jmsp wrote:

    Also, you should use: strcpy_s as strcpy has been deprecated.

    strcpy_s requires you to pass in the size of the block you are writing to as well as the number of bytes being written so that it can perform a check and prevent overflow.

    One problem with using the secure CRT functions is that you cannot target multiple compilers with the same code base. We have a library that's to work on VC6, 7.1 and 2005, and we had to wrap the string functions so that they'd compile without warnings on all 3 compilers. Pretty much of a pain in the rear it was too :-)



  • Ashton

    Hi,

    It probably overflows to the next char buffer, as strcpy doesn’t have buffer checking.

    Regards,

    -chris

  • Nicolas Webb

    Very thank you Chris.But both strcpy() and memcpy() have this problem,and I copy other char* after this operate,it have no problem,maybe my test app is tiny

  • 天秀软件

    Also, you should use: strcpy_s as strcpy has been deprecated.

    strcpy_s requires you to pass in the size of the block you are writing to as well as the number of bytes being written so that it can perform a check and prevent overflow.

  • Klas Mellbourn

     I'm in the same boat.   Rather than even attempting what you did, in my shared header I put in the lines below.  I don't think I've ever run into a case where the Secure CRT would have caught a bug in my code anyway.  (For large mission critical code bases, I can see the need for the Secure CRT, otherwise it's a pain as you say.)

    #ifndef _SECURE_SCL
    #define _SECURE_SCL 0
    #endif

    #ifndef _CRT_SECURE_NO_DEPRECATE
    #define _CRT_SECURE_NO_DEPRECATE
    #endif

    #ifndef _CRT_NONSTDC_NO_DEPRECATE
    #define _CRT_NONSTDC_NO_DEPRECATE
    #endif

    #ifndef _SCL_SECURE_NO_DEPRECATE
    #define _SCL_SECURE_NO_DEPRECATE
    #endif

     

  • rowlandk

    VS 2003 (VC7.1) and VS 2005 (VC8) compilers feature a /GS switch (off by default in 2003, on by default in 2005) that causes some code to be injected into each epilog to check for stack buffer overwrites.  Not only do stack buffer overwrites clobber data in general, but also presents the kind of attack where the function return address slot on the stack can be written with an address of a malicilous payload. 

    Security wasn't a hot issue back in the VC6 days.

    Brian

     

  • salim_555

    KeFei Wang wrote:
    Very thank you Chris.But both strcpy() and memcpy() have this problem,and I copy other char* after this operate,it have no problem,maybe my test app is tiny

    To add to what Chris said, I believe you are running the debug build. You may get a crash and/or corrupted variables in a release build.



  • Amarender gade

    I can see a demand for a reverse-engineered (or semi-so) Secure CRT for people to write portable code.

  • Vikra

    Our product is a source code library, so we cannot do that - because our clients may actually want the secure CRT warnings enabled. That's why we had to wrap them all!

    Brian Kramer wrote:

    I'm in the same boat. Rather than even attempting what you did, in my shared header I put in the lines below. I don't think I've ever run into a case where the Secure CRT would have caught a bug in my code anyway. (For large mission critical code bases, I can see the need for the Secure CRT, otherwise it's a pain as you say.)

    #ifndef _SECURE_SCL
    #define _SECURE_SCL 0
    #endif

    #ifndef _CRT_SECURE_NO_DEPRECATE
    #define _CRT_SECURE_NO_DEPRECATE
    #endif

    #ifndef _CRT_NONSTDC_NO_DEPRECATE
    #define _CRT_NONSTDC_NO_DEPRECATE
    #endif

    #ifndef _SCL_SECURE_NO_DEPRECATE
    #define _SCL_SECURE_NO_DEPRECATE
    #endif



  • Question about C++ char Pointer
Answer this question