0

i am trying to copy 2 strings in a function, to a new dynamic memory by the strlen() function.

char* PairSortedArrays(char a[], char b[])
{
    char* p1 = (char*)malloc(strlen(a) + strlen(b) + 1);
    if(p1)
    {
    strcpy(p1, a);
    strcat(p1, b);
    }
    return p1;
}

Getting Compiler Error:

Severity    Code    Description Project File    Line    Suppression State
Error   C4996   'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.   check   C:\Users\97254\source\repos\check\check\Source.c    35
yarinis
  • 1
  • 3

3 Answers3

1

Do not use strcat as you have all the information available.

char *strdupcat(const char *str1, const char *str2)
{
    size_t str1Len;
    char *result = NULL;

    if(str1 && str2)
    {
        result = malloc((str1Len = strlen(str1)) + strlen(str2) + 1);
        if(result)
        {
            strcpy(result, str1);
            strcpy(result + str1Len, str2)
        }
    }
    return result;
}
0___________
  • 60,014
  • 4
  • 34
  • 74
  • 1
    @TruthSeeker C has a long, sad and ongoing history of buffer overflows. While sometimes you know the copy is safe, all too often functions like `strcpy` and `strcat` are used without being certain. They are so easy to mis-use, that their use is considered always bad. Use the safer alternatives. – hyde Dec 24 '19 at 11:20
  • which is the safer alternatives? – yarinis Dec 24 '19 at 11:23
  • 1
    `memcpy` is safer than `strcpy` [link](http://man7.org/linux/man-pages/man3/memcpy.3.html) – TruthSeeker Dec 24 '19 at 11:27
  • In this case it does not matter as strlen is used and it will fail on this funcction if we read from the unalocated memory. If not we will allocate enough memory even for the bad srings. – 0___________ Dec 24 '19 at 11:27
  • memcpy is same unsafe as strcpy – 0___________ Dec 24 '19 at 11:28
  • This answer nicely avoids the waste of [`strcat()`](https://www.joelonsoftware.com/2001/12/11/back-to-basics/). – chux - Reinstate Monica Dec 24 '19 at 14:04
1

I'm not sure this is part of your actual problem but strcpy() is not safe and can cause buffer overflows. By the way, your compiler should not fail to compile just because of this.. But based on a microsoft post :

" Some C runtime library functions are deprecated because they're insecure and have a more secure variant. Others are deprecated because they're obsolete. "

https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4996?view=vs-2019

Hope this help.

Bruuuh
  • 123
  • 11
0

The older string function, less secure version is marked as deprecated and the new version has the _s ("secure") suffix (example: strcpy_s).

In your case,

"strcpy" function has no way of telling, whether the source string which you are copying is too big for its destination buffer.

But in secure "strcpy_s", takes the size of the buffer as a parameter, so it can determine if a buffer overrun will occur.

Example:

If you use strcpy_s to copy eleven characters into a ten-character buffer, that is an error on your part; strcpy_s cannot correct your mistake, but it can detect your error and inform you by invoking the invalid parameter handler.

Eswaran Pandi
  • 602
  • 6
  • 10