I am writing code in VS2010 and I happen to see after compilation compiler gives me C4996 warning (\"This function or variable may be unsafe\") for strcpy and sprintf calls.
The reason why you get a warning on sprintf
and strcpy
, and not on memcpy
, is because memcpy
has a length parameter that limits how much memory you copy. For strcpy
and memcpy
, the input has to be terminated with a \0
. If not, it will continue out of bounds. You can limit this by using the snprintf
and strncpy
functions. Those do limit implicitly how much can be copied.
Note that microsoft has deprecated snprintf
, so you should use the replacement function _snprintf
instead. However, this is a MSVC specific function.
I would advise to do away with char *
buffers all together and switch to C++, using stl container, such as std::string
. These will save you a lot of debugging headaches and keep your code portable.