Share via


Strsafe.h Buffer Handling

Other versions of this page are also available for the following:

Windows Mobile Not SupportedWindows Embedded CE Supported

8/27/2008

Poor buffer handling is implicated in many security issues that involve buffer overruns.

The functions defined in Strsafe.h provide additional processing for proper buffer handling in your code. For this reason, they are intended to replace their built-in C/C++ counterparts as well as specific Microsoft Windows implementations.

Strsafe.h can be obtained by downloading the Windows Core software development kit (SDK) from the SDK Update site.

The following are advantages of Strsafe functions:

  • The size of the destination buffer is always provided to the function to ensure that the function does not write past the end of the buffer.
  • Buffers are guaranteed to be null-terminated, even if the operation truncates the intended result.
  • All functions return an HRESULT, with only one possible success code (S_OK).
  • Each function is available in a corresponding character count (cch) or byte count (cb) version.
  • Most functions have an extended ("Ex") version available for advanced functionality.

See Also

Reference

StrSafe.h Character-Count Functions
StrSafe.h Byte-Count Functions

Concepts

Using Strsafe.h