Partager via


Strsafe.h Buffer Handling (Windows Embedded CE 6.0)

1/5/2010

Incorrect buffer handling can be the cause of many security issues that involve buffer overruns.

You can use the functions defined in Strsafe.h instead of the built-in C/C++ string handling functions to improve buffer handling in your code. The following are advantages of Strsafe functions:

  • All functions require the size of the destination buffer to ensure that the function does not write past the end of the buffer.
  • Buffers returned by all functions are guaranteed to be null-terminated, even if the operation truncates the intended result.
  • All functions return an HRESULT with only one possible success code, S_OK.
  • Each function is available in two versions: a character count and a byte count version.
  • Most functions have an extended version available for advanced functionality, for example StringCchCopyEx.

See Also

Reference

StrSafe.h Character-Count Functions
StrSafe.h Byte-Count Functions

Concepts

Using Strsafe.h

Other Resources

Safe String Functions