Should I use CString::Format or sprintf_s

Question

I have 2 code like this

Code 1: CString::Format method

CString cStr;
char* ToString(CString pszFormat, ...)
{
    va_list argList;
    va_start(argList, pszFormat);
    cStr.FormatV(_T(pszFormat), argList);
    va_end(argList);
    return (LPTSTR)(LPCTSTR)cStr;
    //Note that this will return the pointer to the cstring content
}

Code 2: sprintf_s method

char strChar[100];
char* ToString(char const* const _Format, ...)
{
    va_list argList;
    va_start(argList, _Format);
    vsprintf_s(strChar, _Format, argList);
    va_end(argList);
    return strChar;
    //Note that this will return the pointer to the string content
}

In code 1, I feel totally safe - I don't have to afraid about the length maybe too long. But I'm afraid that code 1 may reduce the performance. I don't know if it may cause memory leak or not. And I think that if Cstring has dynamic length, maybe it will allocate and free memory like no one business.

So I come up with code 2. But in code 2, I face the risk if I pass the _Format too long - like string that has length as 1000 - then the program will crash with 'buffer too small' error.

I don't know which one is better: CString::Format or sprintf_s ??? If sprintf_s really increase performance and CString::Format is bad for performance, then I'll take more effort to prevent 'buffer too small' in sprintf_s. But if sprintf_s not worth it - I'll take CString::Format.

Thank for reading.

Answer 1

If you are worried that the buffer in strChar might overflow, then why not simply use vsnprintf_s(). The second argument will restrict the number of characters written to the output buffer. You can modify your 'ToString()' function to receive this extra sizeOfBuffer field and pass it on to vsnprintf_s().

See [https://msdn.microsoft.com/en-us/library/d3xd30zz.aspx][1] for the details and other ways to prevent a buffer overrun.