Re: _stprintf
- From: "Norman Diamond" <ndiamond@xxxxxxxxxxxxxxxx>
- Date: Mon, 31 Jul 2006 19:40:24 +0900
"Joseph M. Newcomer" <newcomer@xxxxxxxxxxxx> wrote in message news:e57oc2lrr2nd1j0nt83h8e7h02ahjsbqih@xxxxxxxxxx
Use CString::Format as the preferred choice.
On "real" Windows I agree. On Windows CE where extra libraries will occupy the machine's RAM, it might not be a good idea.
If you MUST use some form like _stprintf, use StringCchPrintf (I think that's the name, but search for strsafe.h on the MSDN) which at least will avoid any possibility of buffer overflow
As documented it will not have such a beneficial effect.
StringCchPrintf(_T("%c"), B, sizeof(B) / sizeof(TCHAR), (BYTE)('a' + i));
Mihai N. addressed a problem with your cast to BYTE and you made an adjustment which I'm still thinking about. Since arguments to StringCchPrintf are either Unicode or ANSI, the last argument should be either char or wchar_t, and I'm trying to figure out if WORD is guaranteed to marshall a char value properly.
More importantly is that, as documented, buffer overflow can very easily occur. Suppose we have an ANSI compilation and make B an array of 2 chars. Then the buffer has enough space for 1 single-byte character plus a null character. But if the last argument is a double-byte character then StringCchPrintf is documented to copy both bytes plus a single-byte null character, total 3 bytes.
.
- Follow-Ups:
- Re: _stprintf
- From: Joseph M . Newcomer
- Re: _stprintf
- References:
- Re: _stprintf
- From: Joseph M . Newcomer
- Re: _stprintf
- Prev by Date: Re: ANSI string from UNICODE app.
- Next by Date: Re: _access
- Previous by thread: Re: _stprintf
- Next by thread: Re: _stprintf
- Index(es):
Relevant Pages
|
