sprintf_s and _snprintf and _snprintf_s

The MSDN pages are as follows: spirntf_s: Http://msdn.microsoft.com/zh-cn/library/ce3zzk1k%28VS.80%29.aspx _snprintf: Http://msdn.microsoft.com/zh-cn/library/2ts7cx93%28v=VS.90%29.aspx _snprintf_s: Http://msdn.microsoft.com/zh-cn/library/f30dzcf6.aspx Three pages all have their own examples. The latter 2 examples are more informative. To avoid future page invalidation: int sprintf_s ( Char *buffer, size_t sizeOfBuffer, const char *format [, ); Template <size_t size> int sprintf_s ( char (&buffer) [size], const char *format [, ); C + + only int _snprintf ( Char *buffer, size_t Count, const char *format [, ); int _snprintf ( char (&buffer) [size], size_t Count, const char *format [, ); C + + only int _snprintf_s ( Char *buffer, size_t sizeOfBuffer, size_t Count, const char *format [, ); int _snprintf_s ( char (&buffer) [size], size_t Count, const char *format [, ); C + + only The whistling. There are quite a few things. What is striking here is why _snprintf_s on the basis of sizeOfBuffer, but also to add a count? Count seems to be used to control the desired width. If the resulting string exceeds count, it is truncated to the length of count and adds a null-teminate Of course, the higher priority should be sizeofbuffer, which must not exceed this size. That's the point. If the size of the string that should be output has reached sizeofbuffer, then it overflows. Overflow, the sprintf_s function considers this to be an error and will place the buffer buffers in an empty string "". The advantage of _snprintf_s is that, with the count parameter, the output string will still have output if it exceeds the buffer length, and the output string is truncated to the count size, followed by a null-teminate on the size of the string. Of course, if count is set to be the same size as sizeofbuffer, or more unreasonable, then this count parameter loses its meaning. At this time, if the output string is going to reach or exceed sizeofbuffer, it will cause an error, and the output buffer is set to an empty string. Therefore, if you want the buffer to be used as much as possible, you can set the Count parameter to _truncate, in which case the effect is actually equivalent to setting count to SizeOfBuffer-1. As for the C language environment, the comparison between sprintf_s and _snprintf: Note that the _snprintf parameter is count, and the sprintf_s parameter is sizeOfBuffer. This is a good illustration of the problem. Take a look at the instructions for _snprintf: Let Len is the length of the formatted data string (not including the terminating null). Len and Count is in bytes for _snprintf, wide characters for _snwprintf. If Len < count, then Len characters was stored in buffer, a null-terminator was appended, and Len is returned. If len = count, then len characters was stored in buffer, no null-terminator was appended, and Len is returned. If len > Count, then count characters was stored in buffer, no null-terminator was appended, and a negative value is RET urned. In other words, the count parameter of _snprintf is plainly a count. If the output string is exactly up to count, the output string must be complete and cannot be truncated because the expected maximum length is count. But what if the size of the string buffer is actually count? The designer of MS Vcrt believes that in this case the length of the output string should be communicated to the caller, letting the caller decide whether to add null-teminate themselves. In other words, when calling _snprintf, be aware that the return value of _snprintf must be checked, and if the return value is not positive, then note that your string buffer is not the end of the null-teminate. In summary, sprintf_s fails when the buffer is not large enough to be an empty string in the buffer when it fails. _SNPRINTF does not fail, but it must be noted that if the buffer is not large enough, the contents of the buffer will not be null-teminate, and you must pay attention to the end of the string. _snprintf_s combines the advantages of 2, as long as the Count parameter is set properly, the function will not fail due to insufficient buffers. But observing _snprintf_s's description, there is a very interesting content. Of these 3 family functions, there are 2 functions in the failure condition sprintf_s and _snprintf_s, (again, I mean the failure here means that after the call the buffer is an empty string), _set_invalid_parameter_ Handler sets the error handler that will be called in case of failure. In the case of truncation, the error handler is not called. VC Library developers are always offering something weird. In any case, making the code more secure is always in line with the overall expectations of everyone. In addition, when you look at the data for these string security functions, be aware that For Microsoft, these designers still consider it unsafe to limit the length of string copying because, logically, These length parameters only limit the length of the source string being copied, not the length of the destination buffer. In other words, Microsoft's designers believe that the safe way is to rely on the C + + mechanism, to identify the true size of the target buffer, in order to achieve a secure replication.

sprintf_s and _snprintf and _snprintf_s