Strsafe.h Buffer Handling (Windows Embedded CE 6.0)
1/5/2010
Incorrect buffer handling can be the cause of many security issues that involve buffer overruns.
You can use the functions defined in Strsafe.h instead of the built-in C/C++ string handling functions to improve buffer handling in your code. The following are advantages of Strsafe functions:
- All functions require the size of the destination buffer to ensure that the function does not write past the end of the buffer.
- Buffers returned by all functions are guaranteed to be null-terminated, even if the operation truncates the intended result.
- All functions return an HRESULT with only one possible success code, S_OK.
- Each function is available in two versions: a character count and a byte count version.
- Most functions have an extended version available for advanced functionality, for example StringCchCopyEx.
See Also
Reference
StrSafe.h Character-Count Functions
StrSafe.h Byte-Count Functions