Recently I have been converting a lot of, ummm, legacy code to use
the "safe" string functions that
Visual Studio likes to whine about. This is the sort of thing where
you pass in the size of a destination buffer so the library function guarantees
never to write beyond that point.
Of course, "safe" doesn't mean "reads your mind". You can still tell out and
out porkie pies to it, as I did this morning :
wchar_t buf[ 100 ];
wcscpy_s( buf, sizeof( buf ), "Hello, world!" );
What's wrong with that? Well, the "safe" versions require you to pass in
the number of characters, not the number of bytes (which is
what sizeof will give you). So I've told wcscpy_s
it can fiddle with twice as much memory as it really can. Try this at home,
folks, and see what crash you get!
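
The effect of passing bytes instead of characters, as an added example that is not part of the original post. It assumes a hypothetical stand-in, copy_wide, with the same (destination, character count, source) contract, and an oversized arena whose first BUF_CHARS elements play the part of buf so the overrun can be counted without corrupting anything:

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define BUF_CHARS 100
#define COUNTOF(a) (sizeof(a) / sizeof((a)[0]))   /* MSVC ships this as _countof */
#define ARENA_CHARS (BUF_CHARS * sizeof(wchar_t)) /* room for the overstated size */

/* What each expression yields for: wchar_t buf[BUF_CHARS]; */
size_t size_in_bytes(void) { wchar_t buf[BUF_CHARS]; return sizeof(buf); }
size_t size_in_chars(void) { wchar_t buf[BUF_CHARS]; return COUNTOF(buf); }

/* Hypothetical stand-in: trusts dest_count, which is in wide characters. */
static int copy_wide(wchar_t *dest, size_t dest_count, const wchar_t *src)
{
    size_t needed = wcslen(src) + 1;            /* include the terminator */
    if (dest_count == 0) return 1;
    if (needed > dest_count) { dest[0] = L'\0'; return 1; }
    wmemcpy(dest, src, needed);
    return 0;
}

/* Copies src_chars characters into the "real" buffer while claiming `claimed`
   elements. Returns how many characters landed past element BUF_CHARS - 1. */
size_t overrun_chars(size_t claimed, size_t src_chars)
{
    static wchar_t arena[ARENA_CHARS];          /* buf = first BUF_CHARS elements */
    static wchar_t src[ARENA_CHARS];
    size_t i, past = 0;

    if (claimed > ARENA_CHARS || src_chars >= ARENA_CHARS) return (size_t)-1;
    wmemset(arena, L'\0', ARENA_CHARS);
    wmemset(src, L'A', src_chars);              /* constructed sample input */
    src[src_chars] = L'\0';
    (void)copy_wide(arena, claimed, src);
    for (i = BUF_CHARS; i < ARENA_CHARS; i++)
        if (arena[i] != L'\0') past++;
    return past;
}

int main(void)
{
    printf("sizeof: %zu, count: %zu\n", size_in_bytes(), size_in_chars());
    printf("150 chars, count passed:  %zu past the end\n", overrun_chars(size_in_chars(), 150));
    printf("150 chars, sizeof passed: %zu past the end\n", overrun_chars(size_in_bytes(), 150));
    return 0;
}
```

A source that fits in the real buffer, such as the 13-character string above, lands nothing past the end with either size, so the wrong argument only shows up once the input is longer than the buffer.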
Moral of this story? Mind your memory allocation. Or switch to a
language that doesn't involve fiddling with it, if throwing gobs of memory around
with wild abandon isn't important.