RtlStringCbPrintfExW function (ntstrsafe.h)

Article
10/21/2021

The RtlStringCbPrintfExW and RtlStringCbPrintfExA functions create a byte-counted text string, with formatting that is based on supplied formatting information.

Syntax

NTSTRSAFEDDI RtlStringCbPrintfExW(
  [out, optional] NTSTRSAFE_PWSTR  pszDest,
  [in]            size_t           cbDest,
  [out, optional] NTSTRSAFE_PWSTR  *ppszDestEnd,
  [out, optional] size_t           *pcbRemaining,
  [in]            DWORD            dwFlags,
  [in, optional]  NTSTRSAFE_PCWSTR pszFormat,
                  ...              
);

Parameters

[out, optional] pszDest

A pointer to a caller-supplied buffer that receives a formatted, null-terminated string. The function creates this string from both the formatting string that is supplied by pszFormat and the function's argument list. The pszDest pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.

[in] cbDest

The size of the destination buffer, in bytes. The buffer must be large enough to contain the formatted string plus the terminating null character.

For Unicode strings, the maximum number of bytes is NTSTRSAFE_MAX_CCH * sizeof(WCHAR).

For ANSI strings, the maximum number of bytes is NTSTRSAFE_MAX_CCH * sizeof(char).

If pszDest is NULL, cbDest must be zero.

[out, optional] ppszDestEnd

If the caller supplies a non-NULL address pointer then, after the operation completes, the function loads that address with a pointer to the destination buffer's resulting null string terminator.

[out, optional] pcbRemaining

If the caller supplies a non-NULL address pointer, the function loads the address with the number of unused bytes that are in the buffer pointed to by pszDest, including bytes used for the terminating null character.

[in] dwFlags

One or more flags and, optionally, a fill byte. The flags are defined as follows:

Value	Meaning
STRSAFE_FILL_BEHIND_NULL	If set and the function succeeds, the low byte of dwFlags is used to fill the portion of the destination buffer that follows the terminating null character.
STRSAFE_IGNORE_NULLS	If set, either pszDest or pszSrc, or both, can be NULL. NULLpszSrc pointers are treated like empty strings (TEXT("")), which can be copied. NULLpszDest pointers cannot receive nonempty strings.
STRSAFE_FILL_ON_FAILURE	If set and the function fails, the low byte of dwFlags is used to fill the entire destination buffer, and the buffer is null-terminated. This operation overwrites any preexisting buffer contents.
STRSAFE_NULL_ON_FAILURE	If set and the function fails, the destination buffer is set to an empty string (TEXT("")). This operation overwrites any preexisting buffer contents.
STRSAFE_NO_TRUNCATION	If set and the function returns STATUS_BUFFER_OVERFLOW, the contents of the destination buffer are not modified.

[in, optional] pszFormat

A pointer to a null-terminated text string that contains printf-styled formatting directives. The pszFormat pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.

...

A list of arguments that are interpreted by the function, based on formatting directives contained in the pszFormat string.

Return value

The function returns one of the NTSTATUS values that are listed in the following table. For information about how to test NTSTATUS values, see Using NTSTATUS Values.

Return code	Description
STATUS_SUCCESS	This success status means source data was present, the output string was created without truncation, and the resultant destination buffer is null-terminated.
STATUS_BUFFER_OVERFLOW	This warning status means the operation did not complete due to insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set in dwFlags, the destination buffer is not modified. If the flag is not set, the destination buffer contains a truncated version of the created string.
STATUS_INVALID_PARAMETER	This error status means the function received an invalid input parameter. For more information, see the following paragraph. The function returns the STATUS_INVALID_PARAMETER value when: An invalid flag was specified. The value in cbDest is larger than the maximum buffer size. The destination buffer was already full. A NULL pointer was present without the STRSAFE_IGNORE_NULLS flag. The destination buffer pointer was NULL, but the buffer size was not zero. The destination buffer pointer was NULL, or its length was zero, but a nonzero length source string was present.

Return code

Description

STATUS_SUCCESS

This success status means source data was present, the output string was created without truncation, and the resultant destination buffer is null-terminated.

STATUS_BUFFER_OVERFLOW

This warning status means the operation did not complete due to insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set in dwFlags, the destination buffer is not modified. If the flag is not set, the destination buffer contains a truncated version of the created string.

STATUS_INVALID_PARAMETER

This error status means the function received an invalid input parameter. For more information, see the following paragraph.

The function returns the STATUS_INVALID_PARAMETER value when:

An invalid flag was specified.
The value in cbDest is larger than the maximum buffer size.
The destination buffer was already full.
A NULL pointer was present without the STRSAFE_IGNORE_NULLS flag.
The destination buffer pointer was NULL, but the buffer size was not zero.
The destination buffer pointer was NULL, or its length was zero, but a nonzero length source string was present.

Remarks

RtlStringCbPrintfExW and RtlStringCbPrintfExA should be used instead of the following functions:

sprintf
swprintf
_snprintf
_snwprintf

All of these functions accept a format string and a list of arguments, interpret them, and create a formatted string. The size, in bytes, of the destination buffer is provided to RtlStringCbPrintfExW and RtlStringCbPrintfExA to ensure that they do not write past the end of the buffer.

RtlStringCbPrintfExW and RtlStringCbPrintfExA add to the functionality of RtlStringCbPrintf by returning a pointer to the end of the destination string, as well as the number of bytes left unused in that string. Flags can be passed to the function for additional control.

Use RtlStringCbPrintfExW to handle Unicode strings and RtlStringCbPrintfExA to handle ANSI strings. The form you use depends on your data, as shown in the following table.

String data type	String literal	Function
WCHAR	L"string"	RtlStringCbPrintfExW
char	"string"	RtlStringCbPrintfExA

If pszDest and pszFormat point to overlapping strings or if any argument strings overlap, the behavior of the function is undefined.

Neither pszFormat nor pszDest can be NULL unless the STRSAFE_IGNORE_NULLS flag is set, in which case either or both can be NULL. If pszDest is NULL, pszFormat must either be NULL or point to an empty string.

For more information about the safe string functions, see Using Safe String Functions.

Requirements

Requirement	Value
Minimum supported client	Available starting with Windows XP with Service Pack 1 (SP1).
Target Platform	Desktop
Header	ntstrsafe.h (include Ntstrsafe.h)
Library	Ntstrsafe.lib
IRQL	PASSIVE_LEVEL