Poor buffer handling is implicated in many security issues that involve buffer overruns. The functions defined in Strsafe.h provide additional processing for proper buffer handling in your code. For this reason, they are intended to replace their built-in C/C++ counterparts as well as specific Windows implementations. Strsafe.h is available in the Windows SDK starting with Windows XP with Service Pack 2 (SP2).
The advantages of the Strsafe functions include:
The size of the destination buffer is always provided to the function to ensure that the function does not write past the end of the buffer.
Buffers are guaranteed to be null-terminated, even if the operation truncates the intended result.
All functions return an HRESULT value, with only one possible success code (S_OK).
Each function is available in a corresponding character count ("cch") or byte count ("cb") version.
Most functions have an extended ("Ex") version available for advanced functionality.
See the following sections for details.
The following functions use a character count rather than a byte count.
The following functions use a byte count rather than a character count.
To use the Strsafe functions inline, include the header file as shown here, following the #include statements for all other header files.
To use the functions in library form, include the following statement before including Strsafe.h. However, it is recommended that you use the inline functions.
When you include Strsafe.h in your file, the older functions replaced by the Strsafe.h functions will be deprecated. Attempts to use these older functions will result in a compiler error telling you to use the newer functions. If you want to override this behavior, include the following statement before including Strsafe.h.
To allow only character count functions, include the following statement before including Strsafe.h.
To allow only byte count functions, include the following statement before including Strsafe.h.
Note You can define STRSAFE_NO_CB_FUNCTIONS or STRSAFE_NO_CCH_FUNCTIONS, but not both.
The maximum supported string length is 2,147,483,647 (STRSAFE_MAX_CCH) characters, either ANSI or Unicode.
Build date: 10/27/2012