What are safe string functions, and why would we ever want to use them?
Let's take a look at the following snippet of code:
char x[256];
sprintf(x,"%s", INP);
How can we be sure that INP is a null-terminated string, and how can we check that its length is less than 256 bytes?
To avoid buffer overflows, Visual Studio 2005 and later provide what are called "safe methods", while the old functions became deprecated.
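So we would use sprintf_s(x, "%s", INP);
This form relies on the C++ template overload, which deduces the size of x from the array type; in C the buffer size is passed explicitly as the second argument.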
In Visual Studio 6, however, the solution would be to use the _snprintf function, which is specific to Windows and allows us to set the maximum number of bytes to be written to the buffer.
Thus _snprintf(x, 255, "%s", INP) ensures that at most 255 bytes are written to x, so no buffer overflow can occur.
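As an added example (not part of the original post), the code below uses the standard C99 snprintf instead of the Microsoft-specific calls and addresses both questions raised earlier: a "%.*s" precision bounds how far the source is read when it may lack a terminator, and the return value reveals truncation. The name bounded_format, its status codes and the sample inputs are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

/* Format src into dst with "%.*s" (hypothetical helper, not a library call).
 * dstsz  - capacity of dst in bytes, terminator included
 * srcmax - number of bytes that may be read from src; src does not need a
 *          terminator within that range because the precision stops the read
 * dst is null-terminated on FMT_OK and FMT_TRUNCATED. */
int bounded_format(char *dst, size_t dstsz, const char *src, size_t srcmax)
{
    int n;

    if (dst == NULL || src == NULL || dstsz == 0 || srcmax > INT_MAX)
        return FMT_ERROR;

    /* snprintf stores at most dstsz - 1 characters plus the terminator and
     * returns the length the complete output would have had. */
    n = snprintf(dst, dstsz, "%.*s", (int)srcmax, src);
    if (n < 0) {
        dst[0] = '\0';
        return FMT_ERROR;
    }
    return ((size_t)n >= dstsz) ? FMT_TRUNCATED : FMT_OK;
}

int main(void)
{
    char x[256];
    char big[300];                         /* constructed input, no terminator */
    char raw[4] = { 'a', 'b', 'c', 'd' };  /* constructed input, no terminator */
    int rc;

    memset(big, 'A', sizeof big);

    rc = bounded_format(x, sizeof x, "hello", 5);
    printf("rc=%d x=\"%s\"\n", rc, x);
    rc = bounded_format(x, sizeof x, big, sizeof big);
    printf("rc=%d strlen(x)=%lu\n", rc, (unsigned long)strlen(x));
    rc = bounded_format(x, sizeof x, raw, sizeof raw);
    printf("rc=%d x=\"%s\"\n", rc, x);
    return 0;
}
```

_snprintf differs from snprintf in that it writes no terminator when the output reaches the count, so with the _snprintf call above x[255] must be set to '\0' by the caller.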