
I wanted to update _snprintf to the secure version but couldn't do it, so I wanted to ask here.

        char itemlink[256];
        int len;
        bool isAttr = false;

        len = _snprintf_s(itemlink, sizeof(itemlink), "item:%x:%x:%x:%x:%x",
                htoi(results[1].c_str()),
                htoi(results[2].c_str()),
                htoi(results[3].c_str()),
                htoi(results[4].c_str()),
                htoi(results[5].c_str()));

        if (results.size() >= 8)
        {
            for (int i = 6; i < results.size(); i += 2)
            {
                len += _snprintf(itemlink + len, sizeof(itemlink) - len, ":%x:%d",    // Here is the part I want to update. I guess it has something to do with +/- len.
                        htoi(results[i].c_str()),
                        atoi(results[i+1].c_str()));
                isAttr = true;
            }
        }
Anıl D.
  • *Updating _snprintf to _snprintf_s* [**Don't**](http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1967.htm). It's not an update. `_snprintf_s()` is not more secure, it's just non-portable. – Andrew Henle Feb 04 '20 at 15:44
  • It just yields a pragma deprecated warning when I compile with _snprintf, so I wanted to kick away this warning (without disabling the warning), and now it gives an error with _snprintf_s: error C2664: 'int _snprintf_s(char *,size_t,size_t,const char *,...)' : cannot convert argument 3 from 'const char [7]' to 'size_t' – Anıl D. Feb 04 '20 at 15:48
  • Thanks! In the future, can you include the error message in the question please? Yes, there are now two size arguments: sizeOfBuffer and count ([documentation](https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/snprintf-s-snprintf-s-l-snwprintf-s-snwprintf-s-l?view=vs-2019)) and you're still only passing one. – Rup Feb 04 '20 at 15:52
  • @AnılD. That warning is an incorrect warning and you _should_ disable it. `#define _CRT_SECURE_NO_WARNINGS 1` before including any system headers, and continue using the standard string functions. – zwol Feb 04 '20 at 15:54
  • I found out about the sizeOfBuffer now and about the comment on here lol. Now new questions popped into my mind. What would you put in sizeOfBuffer if it was you, and how will this improve the security? Is it really necessary to use this instead of _snprintf and just disabling the warning? I'm sorry about the amount of questions, I'm pretty new to coding. – Anıl D. Feb 04 '20 at 15:58
  • Thank you all for your help. I decided to disable the warning. God bless your day. – Anıl D. Feb 04 '20 at 16:09
  • I think you're actually using C++ which might have confused things a bit. Your first _snprintf_s call is passed a character array as a parameter and there's a template that will read the size straight out of the array and so you only require the one size parameter for the first case. Since the second one has pointer addition you will have to compute the second size argument for yourself there. – Rup Feb 04 '20 at 16:17
  • However you could also just do this with C++ strings rather than sprintf and buffers anyway, although the solutions aren't that tidy: [C++ equivalent of sprintf](https://stackoverflow.com/questions/4983092/c-equivalent-of-sprintf) – Rup Feb 04 '20 at 16:18
  • @AnılD. Read this question for some more information in Microsoft's "deprecation" of a lot of standard C functions, and the "better safety" of their `*_s()` alternatives: https://stackoverflow.com/questions/59239734/why-strcpy-s-is-safer-than-strcpy – Andrew Henle Feb 05 '20 at 23:34
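
Added example, not part of the original question or comments: a portable version of the `itemlink + len` / `sizeof(itemlink) - len` append pattern that checks every return value. Standard `snprintf` returns the length it would have written, so after a truncation `len` can pass the buffer size and `sizeof(itemlink) - len` wraps around; MSVC's `_snprintf` instead returns a negative value and leaves the buffer unterminated. The names `append_fmt`, `parse_hex` and `build_item_link` are hypothetical, and `parse_hex` is an assumed stand-in for the question's `htoi`.

```cpp
// Added example, not the asker's code. Portable C++11; helper names are hypothetical.
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Append formatted text at buf + len. On failure or truncation the buffer is
// restored to its previous NUL-terminated content, so len never passes cap.
static bool append_fmt(char* buf, std::size_t cap, std::size_t& len, const char* fmt, ...)
{
    if (len >= cap) return false;
    va_list ap;
    va_start(ap, fmt);
    int n = std::vsnprintf(buf + len, cap - len, fmt, ap);
    va_end(ap);
    if (n < 0 || static_cast<std::size_t>(n) >= cap - len) {
        buf[len] = '\0';                      // undo the partial write
        return false;
    }
    len += static_cast<std::size_t>(n);
    return true;
}

// Assumption: htoi() in the question parses hex text; strtoul(..., 16) stands in for it.
static unsigned parse_hex(const std::string& s) { return static_cast<unsigned>(std::strtoul(s.c_str(), nullptr, 16)); }

// Builds "item:a:b:c:d:e[:attr:value]..." from results[1..]; false on short input or overflow.
bool build_item_link(const std::vector<std::string>& results, char* out, std::size_t cap)
{
    if (results.size() < 6 || cap == 0) return false;
    std::size_t len = 0;
    out[0] = '\0';
    if (!append_fmt(out, cap, len, "item:%x:%x:%x:%x:%x",
                    parse_hex(results[1]), parse_hex(results[2]), parse_hex(results[3]),
                    parse_hex(results[4]), parse_hex(results[5])))
        return false;
    // i + 1 < size() keeps results[i + 1] in range when a trailing attribute has no value
    for (std::size_t i = 6; i + 1 < results.size(); i += 2)
        if (!append_fmt(out, cap, len, ":%x:%d", parse_hex(results[i]), std::atoi(results[i + 1].c_str())))
            return false;
    return true;
}
int main()
{
    char link[256];                           // input below is constructed sample data
    if (build_item_link({"", "1a", "2", "3", "4", "5", "ff", "7"}, link, sizeof link)) std::puts(link);
}
```

On MSVC, the four-argument `_snprintf_s` form quoted in the error message takes the remaining space (`sizeof(itemlink) - len`) as its size argument and a count such as `_TRUNCATE` before the format string; its return value needs the same check before being added to `len`.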
