StringCbPrintfA function (strsafe.h)

Writes formatted data to the specified string. The size of the destination buffer is provided to the function to ensure that it does not write past the end of this buffer.

StringCbPrintf is a replacement for the following functions:


  [out] STRSAFE_LPSTR  pszDest,
  [in]  size_t         cbDest,
  [in]  STRSAFE_LPCSTR pszFormat,


[out] pszDest


The destination buffer, which receives the formatted, null-terminated string created from pszFormat and its arguments.

[in] cbDest

Type: size_t

The size of the destination buffer, in bytes. This value must be sufficiently large to accommodate the final formatted string plus the terminating null character. The maximum number of bytes allowed is STRSAFE_MAX_CCH * sizeof(TCHAR).

[in] pszFormat


The format string. This string must be null-terminated. For more information, see Format Specification Syntax.


The arguments to be inserted into the pszFormat string.

Return value


This function can return one of the following values. It is strongly recommended that you use the SUCCEEDED and FAILED macros to test the return value of this function.

Return code Description
There was sufficient space for the result to be copied to pszDest without truncation, and the buffer is null-terminated.
The value in cbDest is either 0 or larger than STRSAFE_MAX_CCH * sizeof(TCHAR).
The copy operation failed due to insufficient buffer space. The destination buffer contains a truncated, null-terminated version of the intended result. In situations where truncation is acceptable, this may not necessarily be seen as a failure condition.

Note that this function returns an HRESULT value, unlike the functions that it replaces.


Compared to the functions it replaces, StringCbPrintf provides additional processing for proper buffer handling in your code. Poor buffer handling is implicated in many security issues that involve buffer overruns. StringCbPrintf always null-terminates a nonzero-length destination buffer.

Behavior is undefined if the strings pointed to by pszDest, pszFormat, or any argument strings overlap.

Neither pszFormat nor pszDest should be NULL. See StringCbPrintfEx if you require the handling of null string pointer values.

StringCbPrintf can be used in its generic form, or in its more specific forms. The data type of the string determines the form of this function that you should use.

String Data Type String Literal Function
char "string" StringCbPrintfA
TCHAR TEXT("string") StringCbPrintf
WCHAR L"string" StringCbPrintfW


The following example shows a basic use of StringCbPrintf, using four arguments.

int const arraysize = 30;
TCHAR pszDest[arraysize]; 
size_t cbDest = arraysize * sizeof(TCHAR);

LPCTSTR pszFormat = TEXT("%s %d + %d = %d.");
TCHAR* pszTxt = TEXT("The answer is");

HRESULT hr = StringCbPrintf(pszDest, cbDest, pszFormat, pszTxt, 1, 2, 3);

// The resultant string at pszDest is "The answer is 1 + 2 = 3."


The strsafe.h header defines StringCbPrintf as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.


Requirement Value
Minimum supported client Windows XP with SP2 [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 with SP1 [desktop apps | UWP apps]
Target Platform Windows
Header strsafe.h

See also