StringCchPrintf (Windows CE 5.0)

Article
09/14/2012

Developing an Application > Safe String Functions > Safe String Reference > StrSafe.h Character-Count Functions

This function is a replacement for sprintf. It accepts a format string and a list of arguments and returns a formatted string.

The size, in characters, of the destination buffer is provided to the function to ensure that StringCchPrintf does not write past the end of this buffer.

HRESULT StringCchPrintf(          LPTSTR pszDest,    size_t cchDest,    LPCTSTR pszFormat,     ...);

Parameters

pszDest
[out] Pointer to a buffer that receives the formatted, null-terminated string created from pszFormat and its arguments.
cchDest
[in] Size of the destination buffer, in characters.

This value must be sufficiently large to accommodate the final formatted string plus 1 to account for the terminating null character.

The maximum number of characters allowed is STRSAFE_MAX_CCH.
pszFormat
[in] Pointer to a buffer containing a printf-style format string.

This string must be null-terminated.
...
[in] Arguments to be inserted into pszFormat.

Return Value

This function returns an HRESULT, as opposed to sprintf, which returns the number of bytes stored in its destination buffer.

It is strongly recommended that you use the SUCCEEDED and FAILED macros to test the return value of this function.

Value	Description
S_OK	There was sufficient space for the result to be copied to pszDest without truncation, and the buffer is null-terminated.
STRSAFE_E_INVALID_PARAMETER	The value in cchDest is 0 or larger than STRSAFE_MAX_CCH.
STRSAFE_E_INSUFFICIENT_BUFFER	The copy operation failed due to insufficient buffer space. The destination buffer contains a truncated, null-terminated version of the intended result. Where truncation is acceptable, this is not necessarily a failure condition.

S_OK

There was sufficient space for the result to be copied to pszDest without truncation, and the buffer is null-terminated.

STRSAFE_E_INVALID_PARAMETER

The value in cchDest is 0 or larger than STRSAFE_MAX_CCH.

STRSAFE_E_INSUFFICIENT_BUFFER

The copy operation failed due to insufficient buffer space.

The destination buffer contains a truncated, null-terminated version of the intended result.

Where truncation is acceptable, this is not necessarily a failure condition.

Remarks

StringCchPrintf provides additional processing for proper buffer handling in your code.

Poor buffer handling is implicated in many security issues that involve buffer overruns. StringCchPrintf always null-terminates a nonzero-length destination buffer.

StringCchPrintf can be used in its generic form, or specifically as StringCchPrintfA (for ANSI strings) or StringCchPrintfW (for Unicode strings). The form to use is determined by your data.

String data type	String literal	Function
char	"string"	StringCchPrintfA
TCHAR	TEXT("string")	StringCchPrintf
WCHAR	L"string"	StringCchPrintfW

StringCchPrintf and its ANSI and Unicode variants are replacements for these functions:

If the strings pointed to by pszDest, pszFormat, or argument strings overlap, behavior is undefined.

Neither pszFormat nor pszDest should be NULL.

If you need the handling of null string pointer values, see StringCchPrintfEx.

Example

The following example shows a simple use of StringCchPrintf, using four arguments.

TCHAR pszDest[30]; 
size_t cchDest = 30;

LPCTSTR pszFormat = TEXT("%s %d + %d = %d.");
TCHAR* pszTxt = TEXT("The answer is");

HRESULT hr = StringCchPrintf(pszDest, cchDest, pszFormat, pszTxt, 1, 2, 3);

// The resultant string at pszDest is "The answer is 1 + 2 = 3."

Requirements

OS Versions: Windows CE 5.0 and later.
Header: strsafe.h.
Link Library: strsafe.lib.

Share via