Question about C++ char Pointer

Hot Topic

Compiling VS 2005 Beta2 to a mounted network share
Web Browser C++ Samples?
serialPort
ostream::seekp not working.
Binding Navagation Like buttons
Example C: Getting and Setting Certificates Properties
pin_ptr and jagged arrays.
How can I write managed code in MFC project???
Compile time error for size parameter in templates
int thisarray[19][14] in a class derived from cobject

Visual C++

"definition of dllimport function not allowed" error
Resource Compiler Fatal Error in Visual Studio 2005 Beta
Linking static libraries in Visual C++ + passing Byte[] to native C functions?
Can't use resource view to edit resource in VC8
use of __value as a variable name in unmanaged c++ code
help me to fìnd these Problems
comments in a command line file?
wordwrap text in label?
XML reader for native C++
ultra fast binary writes

Question about C++ char Pointer

  When I use VC++ 6.0(with SP5.0) like this:

  char temp[2];

  memset(temp,0,sizeof(temp));

  strcpy(temp,"This is a test\0");

  MessageBox(0,temp,temp,MB_OK);

 

The result in temp[2] is "This is a test".There is only two bytes of memory,why can copy more than 2 bytes char



Answer this question

Question about C++ char Pointer

  • KevinMacDonald

    jmsp wrote:

    Also, you should use: strcpy_s as strcpy has been deprecated.

    strcpy_s requires you to pass in the size of the block you are writing to as well as the number of bytes being written so that it can perform a check and prevent overflow.

    One problem with using the secure CRT functions is that you cannot target multiple compilers with the same code base. We have a library that's to work on VC6, 7.1 and 2005, and we had to wrap the string functions so that they'd compile without warnings on all 3 compilers. Pretty much of a pain in the rear it was too :-)



  • Krishnan MSFT

    I can see a demand for a reverse-engineered (or semi-so) Secure CRT for people to write portable code.

  • Dan Crowell

    KeFei Wang wrote:
    Very thank you Chris.But both strcpy() and memcpy() have this problem,and I copy other char* after this operate,it have no problem,maybe my test app is tiny

    To add to what Chris said, I believe you are running the debug build. You may get a crash and/or corrupted variables in a release build.



  • jigee

    Also, you should use: strcpy_s as strcpy has been deprecated.

    strcpy_s requires you to pass in the size of the block you are writing to as well as the number of bytes being written so that it can perform a check and prevent overflow.

  • snark112

    VS 2003 (VC7.1) and VS 2005 (VC8) compilers feature a /GS switch (off by default in 2003, on by default in 2005) that causes some code to be injected into each epilog to check for stack buffer overwrites.  Not only do stack buffer overwrites clobber data in general, but also presents the kind of attack where the function return address slot on the stack can be written with an address of a malicilous payload. 

    Security wasn't a hot issue back in the VC6 days.

    Brian

     

  • Sudheer_Dhulipalla_MSFT

    Hi,

    It probably overflows to the next char buffer, as strcpy doesn’t have buffer checking.

    Regards,

    -chris

  • Kate O

     I'm in the same boat.   Rather than even attempting what you did, in my shared header I put in the lines below.  I don't think I've ever run into a case where the Secure CRT would have caught a bug in my code anyway.  (For large mission critical code bases, I can see the need for the Secure CRT, otherwise it's a pain as you say.)

    #ifndef _SECURE_SCL
    #define _SECURE_SCL 0
    #endif

    #ifndef _CRT_SECURE_NO_DEPRECATE
    #define _CRT_SECURE_NO_DEPRECATE
    #endif

    #ifndef _CRT_NONSTDC_NO_DEPRECATE
    #define _CRT_NONSTDC_NO_DEPRECATE
    #endif

    #ifndef _SCL_SECURE_NO_DEPRECATE
    #define _SCL_SECURE_NO_DEPRECATE
    #endif

     

  • renz2k7

    Our product is a source code library, so we cannot do that - because our clients may actually want the secure CRT warnings enabled. That's why we had to wrap them all!

    Brian Kramer wrote:

    I'm in the same boat. Rather than even attempting what you did, in my shared header I put in the lines below. I don't think I've ever run into a case where the Secure CRT would have caught a bug in my code anyway. (For large mission critical code bases, I can see the need for the Secure CRT, otherwise it's a pain as you say.)

    #ifndef _SECURE_SCL
    #define _SECURE_SCL 0
    #endif

    #ifndef _CRT_SECURE_NO_DEPRECATE
    #define _CRT_SECURE_NO_DEPRECATE
    #endif

    #ifndef _CRT_NONSTDC_NO_DEPRECATE
    #define _CRT_NONSTDC_NO_DEPRECATE
    #endif

    #ifndef _SCL_SECURE_NO_DEPRECATE
    #define _SCL_SECURE_NO_DEPRECATE
    #endif



  • Cyn2255

    Internally, code and data are in separate memory location. If your application is as tiny as that, then the compiler will align the data in 32-bit boundaries, so I think the over-written data when you called strcpy or memcpy are just garbage. But it's not always the case, better to declare exact buffer based on how much memory do you need to prevent any unexpected errors in the future.

    Regards,

    -chris

  • Tristao

    Very thank you Chris.But both strcpy() and memcpy() have this problem,and I copy other char* after this operate,it have no problem,maybe my test app is tiny
  • Question about C++ char Pointer
Answer this question