Allegro.cc - Online Community

Allegro.cc Forums » Programming Questions » strcpy is being deprecated????

This thread is locked; no one can reply to it. rss feed Print
 1   2 
strcpy is being deprecated????
DanielH
Member #934
January 2001
avatar

I'm continuing to work on my math parser. It was running fine on my home computer compiled with VisC++ 8.0. Since I have some free time at school, I decided to work on it there. The problem is I received alot of warnings

strcpy being deprecated use strcpy_s
sprintf "" sprintf_s

So I bit the bullet and started using std::string's. I'm not too familiar with them so I need some help. How would I go about doing this with strings:

char temp[ 256 ] = "";
sprintf( temp, "The value is %d", value );

I tried this and that didn't work.

std::string temp;

temp = "The value is " + value;

HoHo
Member #4,534
April 2004
avatar

It is a problem of MSVC. strcpy is a standard function and no other compiler depricates it besides MSVC. Ignore the warnings and keep on using strcpy if you need it.

For std::string see this, especially the append member function.

__________
In theory, there is no difference between theory and practice. But, in practice, there is - Jan L.A. van de Snepscheut
MMORPG's...Many Men Online Role Playing Girls - Radagar
"Is Java REALLY slower? Does STL really bloat your exes? Find out with your friendly host, HoHo, and his benchmarking machine!" - Jakub Wasilewski

gnolam
Member #2,030
March 2002
avatar

What about strncpy(), snprintf()?

--
Move to the Democratic People's Republic of Vivendi Universal (formerly known as Sweden) - officially democracy- and privacy-free since 2008-06-18!

ReyBrujo
Moderator
January 2001
avatar

I think Microsoft was deprecating the versions without lenght to prevent bugs.

--
RB
光子「あたしただ…奪う側に回ろうと思っただけよ」
Mitsuko's last words, Battle Royale

Ninkazu
Member #7,861
October 2006

strcpy is being deprecated because say you have
char buffer[5];
strcpy(buffer, "Oh man I'm bigger than 4");

You'll start overwriting your code in memory. strcpy_s takes the size of the buffer and makes sure it's not overrun. It's a classical way hackers can take over a system - buffer overrun.

HoHo
Member #4,534
April 2004
avatar

strcpy_s is a winapi specific function. strncpy would do exactly the same thing and would be cross-platform.

__________
In theory, there is no difference between theory and practice. But, in practice, there is - Jan L.A. van de Snepscheut
MMORPG's...Many Men Online Role Playing Girls - Radagar
"Is Java REALLY slower? Does STL really bloat your exes? Find out with your friendly host, HoHo, and his benchmarking machine!" - Jakub Wasilewski

TeamTerradactyl
Member #7,733
September 2006
avatar

ReyBrujo is correct with this: with the infamous AOL/MSN buffer exploits that happened so many years ago, they're trying to get away from functions that don't prevent buffer overruns. strncpy() will read up to, but not more than, the given number. Otherwise, you could declare a string of length 100, and if the user writes 104 or 108 bytes, then it can corrupt the stack or be used as an exploit.

I guess it's better to deprecate it to force programmers to start learning how to program "safely" :)

DanielH
Member #934
January 2001
avatar

HoHo

None of those deal with values in terms of int or long or ...

int value = 25;
std:string str = "";

str = "The value is " + value;

gives me 'The value is ***GARBAGE ***'

anonymous
Member #8025
November 2006

The C++ way to format strings is to use std::stringstream:

#include <iostream>
#include <sstream>
#include <string>

int main()
{
    int value = 25;
    std::stringstream temp;
    temp << "The value is " << value;
    std::string s(temp.str());
    std::cout << s << '\n';
}

The best I can do to explain, why your example compiles, is that the compiler might see this as pointer arithmetics: The first part, the string literal, is actually seen as a constant char* (which one can assign to the string). Then you add 25 to the pointer, getting another char pointer pointing 25 chars onward in the memory. Whatever happens to be there, up to the first 0 character, is copied to the string.

Hmm, so if you don't know what you are doing, std::string can be unsafe too... :(

HoHo
Member #4,534
April 2004
avatar

To do that kind of things in C++ you use stringstream

__________
In theory, there is no difference between theory and practice. But, in practice, there is - Jan L.A. van de Snepscheut
MMORPG's...Many Men Online Role Playing Girls - Radagar
"Is Java REALLY slower? Does STL really bloat your exes? Find out with your friendly host, HoHo, and his benchmarking machine!" - Jakub Wasilewski

CGamesPlay
Member #2,559
July 2002
avatar

Quote:

I think Microsoft was deprecating the versions without lenght to prevent bugs.

No, those are derecated, too.

And, as clearly stated in the warning, simply define _CRT_SECURE_NO_DEPRECATE to disable the warnings.

--
Tomasu: Every time you read this: hugging!

Ryan Patterson - <http://cgamesplay.com/>

kentl
Member #2,905
November 2002

You can turn off those warnings in VS and go with the standard instead of Microsofts usual way of working against portability and standards.

Bob
Free Market Evangelist
September 2000
avatar

Quote:

The C++ way to format strings is to use std::stringstream:

That, or boost::lexical_cast<> or boost::format<>.

--
- Bob
[ -- All my signature links are 404 -- ]

Richard Phipps
Member #1,632
November 2001
avatar

torhu
Member #2,727
September 2002
avatar

For anyone getting the deprecation warnings with msvc 8, just put this before any #includes:

#define _CRT_SECURE_NO_DEPRECATE

BAF
Member #2,981
December 2002
avatar

CGamesPlay
Member #2,559
July 2002
avatar

I appreciate BAF for reading my posts! :)

--
Tomasu: Every time you read this: hugging!

Ryan Patterson - <http://cgamesplay.com/>

Billybob
Member #3,136
January 2003

For std::string, besides the methods already suggested, you may use:

template<typename T>
std::string to_string(const T &value)
{
  std::ostringstream ret;
  ret << value;
  return ret.str();
}

---------------------------------

std::string temp;

temp = "The value is " + to_string(value);

BAF
Member #2,981
December 2002
avatar

Wouldn't that be to_string<value_type>(value); ? Or do I not know how to use templates with functions (I've only ever used them with classes)?

Carrus85
Member #2,633
August 2002
avatar

BAF: No, that would not be to_string<value_type>(value);, as the template type can be automatically determined by the arguments of the function (now, if the return type was a template parameter that isn't mentioned in the argument list, you would need to specify it that way.)

Paul Pridham
Member #250
April 2000
avatar

Make your own:

1#include <stdio.h>
2 
3char* strcopy(char* dest, char* src)
4{
5 int i = 0;
6 
7 while(src<i>)
8 {
9 dest<i> = src<i>;
10 i++;
11 }
12 
13 dest<i> = 0;
14 
15 return dest;
16}
17 
18int main()
19{
20 char dest[10];
21 char src[] = "foobarbaz";
22 
23 strcopy(dest, src);
24 printf("%s\n", dest);
25
26 return 0;
27}

Kitty Cat
Member #2,815
October 2002
avatar

Quote:

Be careful with strncpy, in some situations it doesn't add terminating characters:

Wasn't there supposed to be a new function to take care of that? strlcpy or something. I'm positive I read something about that once, and it also fixed the issue of strncpy filling the rest of the destination string with null chars (a potential performance problem). I don't have it in my man pages, though..

--
"Do not meddle in the affairs of cats, for they are subtle and will pee on your computer." -- Bruce Graham

Peter Wang
Member #23
April 2000

It's a OpenBSD (or *BSD) function. The glibc folks don't like it.

Carrus85
Member #2,633
August 2002
avatar

char* strcopy(char* dest, char* src)
{
  int i = 0;

  while(src<i>)
  {
    dest<i> = src<i>;
    i++;
  }

  dest<i> = 0;

  return dest;
}

Personally, I prefer this for strcpy

void strcopy(char* dest, char* src) {
      while( *dest++ = *src++ );
}

and this for strncpy

void strncopy(char* dest, char* src, size_t len) {
      size_t current = 0;
      while( *dest++ = *src++ && ++current < len );
      *dest = 0;
}

Untested, though.

Kitty Cat
Member #2,815
October 2002
avatar

Quote:

and this for strncpy
...
Untested, though.

Hello, Mr. Buffer Overflow. Nice to meet you. :)

That writes one byte past the end of the dest buffer. Perhaps something like this:

void strncopy(char* dest, char* src, size_t len)
{
      if(len)
      {
            size_t current = len-1;
            while( current-- )
                  *(dest++) = *(src++);
            *dest = 0;
      }
}

--
"Do not meddle in the affairs of cats, for they are subtle and will pee on your computer." -- Bruce Graham

 1   2 


Go to: