Shulou(Shulou.com)06/01 Report--

This article mainly explains "what are the high-risk functions of C++", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next, let the editor take you to learn what are the high-risk functions of C++.

1.gets-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using char*fgets (char* dest, int n, stdin)

The premise is that we must know that n must be less than the size of the dest to ensure that the dest ends with 0 after the function is executed. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

Fgets (dest,MAX_SIZE-1,stdin)

.

2._getws-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using wchar_t*fgetws (wchar_t* dest, int n, stdin)

The premise is that we must know that n must be less than the size of the dest to ensure that the dest ends with 0 after the function is executed. Otherwise, it will still lead to unpredictable results.

Example:

.

Wchar_ tdest[MAX _ SIZE]

Wmemset (dest,0,MAX_SIZE)

Fgetws (dest,MAX_SIZE-1,stdin)

.

3._getts-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using TCHAR * fgetts (TCHAR * dest, int n, stdin)

The premise is that we must know that n must be less than the size of the dest to ensure that the dest ends with 0 after the function is executed. Otherwise, it will still lead to unpredictable results.

Example:

.

TCHAR dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE*sizeof (TCHAR))

Fgetts (dest,MAX_SIZE-1,stdin)

.

4.strcpy-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using char*strncpy (char* dest, const char* src, size_t n)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Dest is first assigned with a value of 0 to ensure that it ends with 0. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

.

Memset (dest,0,MAX_SIZE)

Strncpy (dest,src,MAX_SIZE-1)

.

5.lstrcpy-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using LPTSTRlstrcpyn (LPTSTR dest, LPCTSTR src, int n)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Also note that the function lstrcpyn automatically fills 0 in bit n-1, regardless of whether there is valid data in bit n-1.

Example:

.

Char dest[MAX _ SIZE]

.

Lstrcpyn (dest,src,MAX_SIZE)

.

6.lstrcpyA-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using LPTSTRlstrcpyn (LPTSTR dest, LPCTSTR src, int n)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Also note that the function lstrcpyn automatically fills 0 in bit n-1, regardless of whether there is valid data in bit n-1.

Example:

.

Char dest[MAX _ SIZE]

.

Lstrcpyn (dest,src,MAX_SIZE)

.

7.lstrcpyW-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using wchar_t*wcsncpy (wchar_t* dest, const wchar_t* src,size_t n)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Dest is first assigned with a value of 0 to ensure that it ends with 0. Otherwise, it will still lead to unpredictable results.

Example:

.

Wchar_ tdest[MAX _ SIZE]

.

Wmemset (dest,0,MAX_SIZE)

Wcsncpy (dest,src,MAX_SIZE-1)

.

8.wcscpy-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using wchar_t*wcsncpy (wchar_t* dest, const wchar_t* src,size_t n)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Dest is first assigned with a value of 0 to ensure that it ends with 0. Otherwise, it will still lead to unpredictable results.

Example:

.

Wchar_ tdest[MAX _ SIZE]

.

Wmemset (dest,0,MAX_SIZE)

Wcsncpy (dest,src,MAX_SIZE-1)

.

9._tcscpy-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using TCHAR*tcsncpy (TCHAR* dest, const TCHAR* src, size_tn)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Dest is first assigned with a value of 0 to ensure that it ends with 0. Otherwise, it will still lead to unpredictable results.

Example:

.

TCHAR dest[MAX _ SIZE]

.

Memset (dest,0,MAX_SIZE*sizeof (TCHAR))

Tcsncpy (dest,src,MAX_SIZE-1)

.

10._ftcscpy-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using char*_ftcsncpy (char* dest,const char* src, unsignedint n)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Dest is first assigned with a value of 0 to ensure that it ends with 0. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

.

Memset (dest,0,MAX_SIZE)

_ ftcsncpy (dest,src,MAX_SIZE-1k)

.

11.StrCpy-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using char*strncpy (char* dest, const char* src, size_t n)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Dest is first assigned with a value of 0 to ensure that it ends with 0. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

.

Memset (dest,0,MAX_SIZE)

Strncpy (dest,src,MAX_SIZE-1)

.

12.strcat-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using char*strncat (char* dest, const char* src,size_t n)

The premise is that we must know the remaining size of the target cache dest and the length of the source cache src, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

.

Strncat (dest,src,MAX_SIZE-strlen (dest)-1)

.

13.wcscat-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using wchar_t*wcsncat (wchar_t* dest, const wchar_t* src,size_t n)

The premise is that we must know the remaining size of the target cache dest and the length of the source cache src, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Wchar_ tdest[MAX _ SIZE]

Wmemset (dest,0,MAX_SIZE)

.

Wcsncat (dest,src,MAX_SIZE-wcslen (dest)-1)

.

14._mbscat-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using unsigned char* _ mbsncat (unsigned char*dest,constunsigned char* src, size_t n)

The premise is that we must know the size of the target cache dest and the length of the source cache src. Dest is first assigned with a value of 0 to ensure that it ends with 0. Otherwise, it will still lead to unpredictable results.

Example:

.

Unsigned char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

.

_ mbsncat (dest,src,MAX_SIZE-strlen (dest)-1)

.

15._tcscat-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using char*_tcsncat (char* dest, const char* src,size_t n)

The premise is that we must know the remaining size of the target cache dest and the length of the source cache src, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

.

_ tcsncat (dest,src,MAX_SIZE-strlen (dest)-1)

.

16.StrCat-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using char*strncat (char* dest, const char* src,size_t n)

The premise is that we must know the remaining size of the target cache dest and the length of the source cache src, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

.

Strncat (dest,src,MAX_SIZE-strlen (dest)-1)

.

17.StrCatA-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using char*strncat (char* dest, const char* src,size_t n)

The premise is that we must know the remaining size of the target cache dest and the length of the source cache src, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

.

Strncat (dest,src,MAX_SIZE-strlen (dest)-1)

.

18.StrCatW-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using wchar_t*wcsncat (wchar_t* dest, const wchar_t* src,size_t n)

The premise is that we must know the remaining size of the target cache dest and the length of the source cache src, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Wchar_t dest[MAX _ SIZE]

Wmemset (dest,0,MAX_SIZE)

.

Wcsncat (dest,src,MAX_SIZE-wcslen (dest)-1)

.

19.sprintf-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using int _ snprintf (char* dest,size_t n, const char*format [, argument...])

The premise is that we must make it clear that the length of the dest written to the target cache must be less than the size of the dest, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

_ snprintf (dest,MAX_SIZE-1,formatstring,args)

.

20.wsprintf-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using intwnsprintf (LPTSTR dest, int n, LPCTSTR pszFmt)

The premise is that we must make it clear that the length of the dest written to the target cache must be less than the size of the dest, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

Wnsprintf (dest,MAX_SIZE-1,pszFmt)

.

21.wsprintfA-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using intwnsprintf (LPTSTR dest, int n, LPCTSTR pszFmt)

The premise is that we must make it clear that the length of the dest written to the target cache must be less than the size of the dest, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

Wnsprintf (dest,MAX_SIZE-1,pszFmt)

.

22.wsprintfW-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using intwnsprintf (LPTSTR dest, int n, LPCTSTR pszFmt)

The premise is that we must make it clear that the length of the dest written to the target cache must be less than the size of the dest, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

Wnsprintf (dest,MAX_SIZE-1,pszFmt)

.

23.vsprintf-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using int_vsnprintf (char* dest, size_t n, const char*format, va_list argptr)

The premise is that we must make it clear that the length of the dest written to the target cache must be less than the size of the dest, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Char dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE)

_ vsnprintf (dest,MAX_SIZE-1,formatstring,args)

.

24.vswprintf-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using int_vsnwprintf (wchar_t* dest, size_t n, const wchar_t*format, va_list argptr)

The premise is that we must make it clear that the length of the dest written to the target cache must be less than the size of the dest, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Wchar_ tdest[MAX _ SIZE]

Wmemset (dest,0,MAX_SIZE)

_ vsnwprintf (dest,MAX_SIZE-1,formatstring,args)

.

25.swprintf-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

Consider using int_snwprintf (wchar_t* dest, size_t n, const wchar_t*format [, argument...])

The premise is that we must make it clear that the length of the dest written to the target cache must be less than the size of the dest, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

Wchar_ tdest[MAX _ SIZE]

Wmemset (dest,0,MAX_SIZE)

_ snwprintf (dest,MAX_SIZE-1,formatstring,args)

.

26._stprintf-High risk

Danger:

It has no security check and can easily lead to buffer overflow.

Recommendations:

You can consider using int_sntprintf (TCHAR* dest, siez_t NJ Const TCHAR*format [, argument...])

The premise is that we must make it clear that the length of the dest written to the target cache must be less than the size of the dest, and ensure that the dest ends with 0 after the function execution. Otherwise, it will still lead to unpredictable results.

Example:

.

TCHAR dest[MAX _ SIZE]

Memset (dest,0,MAX_SIZE*sizeof (TCHAR))

_ sntprintf (dest,MAX_SIZE-1,pszFmt)

.

At this point, I believe that everyone on the "C++ high-risk functions what are" have a deeper understanding, might as well to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.