Mercurial > mm7

comparison lib/legacy_dx/strsafe.h @ 0:9c0607679772

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
init
author Ritor1
date Sat, 12 Jan 2013 09:45:18 +0600
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:9c0607679772
1 /******************************************************************
2 * *
3 * strsafe.h -- This module defines safer C library string *
4 * routine replacements. These are meant to make C *
5 * a bit more safe in reference to security and *
6 * robustness *
7 * *
8 * Copyright (c) Microsoft Corp. All rights reserved. *
9 * *
10 ******************************************************************/
11 #ifndef _STRSAFE_H_INCLUDED_
12 #define _STRSAFE_H_INCLUDED_
13 #pragma once
14
15 #include <stdio.h> // for _vsnprintf, _vsnwprintf, getc, getwc
16 #include <string.h> // for memset
17 #include <stdarg.h> // for va_start, etc.
18
19
20 #ifndef _SIZE_T_DEFINED
21 #ifdef _WIN64
22 typedef unsigned __int64 size_t;
23 #else
24 typedef __w64 unsigned int size_t;
25 #endif // !_WIN64
26 #define _SIZE_T_DEFINED
27 #endif // !_SIZE_T_DEFINED
28
29 #if !defined(_WCHAR_T_DEFINED) && !defined(_NATIVE_WCHAR_T_DEFINED)
30 typedef unsigned short wchar_t;
31 #define _WCHAR_T_DEFINED
32 #endif
33
34 #ifndef _HRESULT_DEFINED
35 #define _HRESULT_DEFINED
36 typedef long HRESULT;
37 #endif // !_HRESULT_DEFINED
38
39 #ifndef SUCCEEDED
40 #define SUCCEEDED(hr) ((HRESULT)(hr) >= 0)
41 #endif
42
43 #ifndef FAILED
44 #define FAILED(hr) ((HRESULT)(hr) < 0)
45 #endif
46
47 #ifndef S_OK
48 #define S_OK ((HRESULT)0x00000000L)
49 #endif
50
51 #ifdef __cplusplus
52 #define _STRSAFE_EXTERN_C extern "C"
53 #else
54 #define _STRSAFE_EXTERN_C extern
55 #endif
56
57 // If you do not want to use these functions inline (and instead want to link w/ strsafe.lib), then
58 // #define STRSAFE_LIB before including this header file.
59 #if defined(STRSAFE_LIB)
60 #define STRSAFEAPI _STRSAFE_EXTERN_C HRESULT __stdcall
61 #pragma comment(lib, "strsafe.lib")
62 #elif defined(STRSAFE_LIB_IMPL)
63 #define STRSAFEAPI _STRSAFE_EXTERN_C HRESULT __stdcall
64 #else
65 #define STRSAFEAPI __inline HRESULT __stdcall
66 #define STRSAFE_INLINE
67 #endif
68
69 // Some functions always run inline because they use stdin and we want to avoid building multiple
70 // versions of strsafe lib depending on if you use msvcrt, libcmt, etc.
71 #define STRSAFE_INLINE_API __inline HRESULT __stdcall
72
73 // The user can request no "Cb" or no "Cch" fuctions, but not both!
74 #if defined(STRSAFE_NO_CB_FUNCTIONS) && defined(STRSAFE_NO_CCH_FUNCTIONS)
75 #error cannot specify both STRSAFE_NO_CB_FUNCTIONS and STRSAFE_NO_CCH_FUNCTIONS !!
76 #endif
77
78 // This should only be defined when we are building strsafe.lib
79 #ifdef STRSAFE_LIB_IMPL
80 #define STRSAFE_INLINE
81 #endif
82
83
84 // If both strsafe.h and ntstrsafe.h are included, only use definitions from one.
85 #ifndef _NTSTRSAFE_H_INCLUDED_
86
87 #define STRSAFE_MAX_CCH 2147483647 // max # of characters we support (same as INT_MAX)
88
89 // Flags for controling the Ex functions
90 //
91 // STRSAFE_FILL_BYTE(0xFF) 0x000000FF // bottom byte specifies fill pattern
92 #define STRSAFE_IGNORE_NULLS 0x00000100 // treat null as TEXT("") -- don't fault on NULL buffers
93 #define STRSAFE_FILL_BEHIND_NULL 0x00000200 // fill in extra space behind the null terminator
94 #define STRSAFE_FILL_ON_FAILURE 0x00000400 // on failure, overwrite pszDest with fill pattern and null terminate it
95 #define STRSAFE_NULL_ON_FAILURE 0x00000800 // on failure, set *pszDest = TEXT('\0')
96 #define STRSAFE_NO_TRUNCATION 0x00001000 // instead of returning a truncated result, copy/append nothing to pszDest and null terminate it
97
98 #define STRSAFE_VALID_FLAGS (0x000000FF | STRSAFE_IGNORE_NULLS | STRSAFE_FILL_BEHIND_NULL | STRSAFE_FILL_ON_FAILURE | STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION)
99
100 // helper macro to set the fill character and specify buffer filling
101 #define STRSAFE_FILL_BYTE(x) ((unsigned long)((x & 0x000000FF) | STRSAFE_FILL_BEHIND_NULL))
102 #define STRSAFE_FAILURE_BYTE(x) ((unsigned long)((x & 0x000000FF) | STRSAFE_FILL_ON_FAILURE))
103
104 #define STRSAFE_GET_FILL_PATTERN(dwFlags) ((int)(dwFlags & 0x000000FF))
105
106 #endif // _NTSTRSAFE_H_INCLUDED_
107
108 // STRSAFE error return codes
109 //
110 #define STRSAFE_E_INSUFFICIENT_BUFFER ((HRESULT)0x8007007AL) // 0x7A = 122L = ERROR_INSUFFICIENT_BUFFER
111 #define STRSAFE_E_INVALID_PARAMETER ((HRESULT)0x80070057L) // 0x57 = 87L = ERROR_INVALID_PARAMETER
112 #define STRSAFE_E_END_OF_FILE ((HRESULT)0x80070026L) // 0x26 = 38L = ERROR_HANDLE_EOF
113
114 // prototypes for the worker functions
115 #ifdef STRSAFE_INLINE
116 STRSAFEAPI StringCopyWorkerA(char* pszDest, size_t cchDest, const char* pszSrc);
117 STRSAFEAPI StringCopyWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc);
118 STRSAFEAPI StringCopyExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, const char* pszSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
119 STRSAFEAPI StringCopyExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
120 STRSAFEAPI StringCopyNWorkerA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchSrc);
121 STRSAFEAPI StringCopyNWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchSrc);
122 STRSAFEAPI StringCopyNExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, const char* pszSrc, size_t cchSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
123 STRSAFEAPI StringCopyNExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, const wchar_t* pszSrc, size_t cchSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
124 STRSAFEAPI StringCatWorkerA(char* pszDest, size_t cchDest, const char* pszSrc);
125 STRSAFEAPI StringCatWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc);
126 STRSAFEAPI StringCatExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, const char* pszSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
127 STRSAFEAPI StringCatExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
128 STRSAFEAPI StringCatNWorkerA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchMaxAppend);
129 STRSAFEAPI StringCatNWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchMaxAppend);
130 STRSAFEAPI StringCatNExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, const char* pszSrc, size_t cchMaxAppend, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
131 STRSAFEAPI StringCatNExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, const wchar_t* pszSrc, size_t cchMaxAppend, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
132 STRSAFEAPI StringVPrintfWorkerA(char* pszDest, size_t cchDest, const char* pszFormat, va_list argList);
133 STRSAFEAPI StringVPrintfWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszFormat, va_list argList);
134 STRSAFEAPI StringVPrintfExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const char* pszFormat, va_list argList);
135 STRSAFEAPI StringVPrintfExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const wchar_t* pszFormat, va_list argList);
136 STRSAFEAPI StringLengthWorkerA(const char* psz, size_t cchMax, size_t* pcch);
137 STRSAFEAPI StringLengthWorkerW(const wchar_t* psz, size_t cchMax, size_t* pcch);
138 #endif // STRSAFE_INLINE
139
140 #ifndef STRSAFE_LIB_IMPL
141 // these functions are always inline
142 STRSAFE_INLINE_API StringGetsExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
143 STRSAFE_INLINE_API StringGetsExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
144 #endif
145
146 #ifdef _NTSTRSAFE_H_INCLUDED_
147 #pragma warning(push)
148 #pragma warning(disable : 4995)
149 #endif // _NTSTRSAFE_H_INCLUDED_
150
151
152 #ifndef STRSAFE_NO_CCH_FUNCTIONS
153 /*++
154
155 STDAPI
156 StringCchCopy(
157 OUT LPTSTR pszDest,
158 IN size_t cchDest,
159 IN LPCTSTR pszSrc
160 );
161
162 Routine Description:
163
164 This routine is a safer version of the C built-in function 'strcpy'.
165 The size of the destination buffer (in characters) is a parameter and
166 this function will not write past the end of this buffer and it will
167 ALWAYS null terminate the destination buffer (unless it is zero length).
168
169 This routine is not a replacement for strncpy. That function will pad the
170 destination string with extra null termination characters if the count is
171 greater than the length of the source string, and it will fail to null
172 terminate the destination string if the source string length is greater
173 than or equal to the count. You can not blindly use this instead of strncpy:
174 it is common for code to use it to "patch" strings and you would introduce
175 errors if the code started null terminating in the middle of the string.
176
177 This function returns a hresult, and not a pointer. It returns
178 S_OK if the string was copied without truncation and null terminated,
179 otherwise it will return a failure code. In failure cases as much of
180 pszSrc will be copied to pszDest as possible, and pszDest will be null
181 terminated.
182
183 Arguments:
184
185 pszDest - destination string
186
187 cchDest - size of destination buffer in characters.
188 length must be = (_tcslen(src) + 1) to hold all of the
189 source including the null terminator
190
191 pszSrc - source string which must be null terminated
192
193 Notes:
194 Behavior is undefined if source and destination strings overlap.
195
196 pszDest and pszSrc should not be NULL. See StringCchCopyEx if you require
197 the handling of NULL values.
198
199 Return Value:
200
201 S_OK - if there was source data and it was all copied and the
202 resultant dest string was null terminated
203
204 failure - you can use the macro HRESULT_CODE() to get a win32
205 error code for all hresult failure cases
206
207 STRSAFE_E_INSUFFICIENT_BUFFER /
208 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
209 - this return value is an indication that the copy
210 operation failed due to insufficient space. When this
211 error occurs, the destination buffer is modified to
212 contain a truncated version of the ideal result and is
213 null terminated. This is useful for situations where
214 truncation is ok
215
216 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
217 return value of this function.
218
219 --*/
220
221 STRSAFEAPI StringCchCopyA(char* pszDest, size_t cchDest, const char* pszSrc);
222 STRSAFEAPI StringCchCopyW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc);
223 #ifdef UNICODE
224 #define StringCchCopy StringCchCopyW
225 #else
226 #define StringCchCopy StringCchCopyA
227 #endif // !UNICODE
228
229 #ifdef STRSAFE_INLINE
230 STRSAFEAPI StringCchCopyA(char* pszDest, size_t cchDest, const char* pszSrc)
231 {
232 HRESULT hr;
233
234 if (cchDest > STRSAFE_MAX_CCH)
235 {
236 hr = STRSAFE_E_INVALID_PARAMETER;
237 }
238 else
239 {
240 hr = StringCopyWorkerA(pszDest, cchDest, pszSrc);
241 }
242
243 return hr;
244 }
245
246 STRSAFEAPI StringCchCopyW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc)
247 {
248 HRESULT hr;
249
250 if (cchDest > STRSAFE_MAX_CCH)
251 {
252 hr = STRSAFE_E_INVALID_PARAMETER;
253 }
254 else
255 {
256 hr = StringCopyWorkerW(pszDest, cchDest, pszSrc);
257 }
258
259 return hr;
260 }
261 #endif // STRSAFE_INLINE
262 #endif // !STRSAFE_NO_CCH_FUNCTIONS
263
264
265 #ifndef STRSAFE_NO_CB_FUNCTIONS
266 /*++
267
268 STDAPI
269 StringCbCopy(
270 OUT LPTSTR pszDest,
271 IN size_t cbDest,
272 IN LPCTSTR pszSrc
273 );
274
275 Routine Description:
276
277 This routine is a safer version of the C built-in function 'strcpy'.
278 The size of the destination buffer (in bytes) is a parameter and this
279 function will not write past the end of this buffer and it will ALWAYS
280 null terminate the destination buffer (unless it is zero length).
281
282 This routine is not a replacement for strncpy. That function will pad the
283 destination string with extra null termination characters if the count is
284 greater than the length of the source string, and it will fail to null
285 terminate the destination string if the source string length is greater
286 than or equal to the count. You can not blindly use this instead of strncpy:
287 it is common for code to use it to "patch" strings and you would introduce
288 errors if the code started null terminating in the middle of the string.
289
290 This function returns a hresult, and not a pointer. It returns
291 S_OK if the string was copied without truncation and null terminated,
292 otherwise it will return a failure code. In failure cases as much of pszSrc
293 will be copied to pszDest as possible, and pszDest will be null terminated.
294
295 Arguments:
296
297 pszDest - destination string
298
299 cbDest - size of destination buffer in bytes.
300 length must be = ((_tcslen(src) + 1) * sizeof(TCHAR)) to
301 hold all of the source including the null terminator
302
303 pszSrc - source string which must be null terminated
304
305 Notes:
306 Behavior is undefined if source and destination strings overlap.
307
308 pszDest and pszSrc should not be NULL. See StringCbCopyEx if you require
309 the handling of NULL values.
310
311 Return Value:
312
313 S_OK - if there was source data and it was all copied and the
314 resultant dest string was null terminated
315
316 failure - you can use the macro HRESULT_CODE() to get a win32
317 error code for all hresult failure cases
318
319 STRSAFE_E_INSUFFICIENT_BUFFER /
320 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
321 - this return value is an indication that the copy
322 operation failed due to insufficient space. When this
323 error occurs, the destination buffer is modified to
324 contain a truncated version of the ideal result and is
325 null terminated. This is useful for situations where
326 truncation is ok
327
328 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
329 return value of this function.
330
331 --*/
332
333 STRSAFEAPI StringCbCopyA(char* pszDest, size_t cbDest, const char* pszSrc);
334 STRSAFEAPI StringCbCopyW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc);
335 #ifdef UNICODE
336 #define StringCbCopy StringCbCopyW
337 #else
338 #define StringCbCopy StringCbCopyA
339 #endif // !UNICODE
340
341 #ifdef STRSAFE_INLINE
342 STRSAFEAPI StringCbCopyA(char* pszDest, size_t cbDest, const char* pszSrc)
343 {
344 HRESULT hr;
345 size_t cchDest;
346
347 // convert to count of characters
348 cchDest = cbDest / sizeof(char);
349
350 if (cchDest > STRSAFE_MAX_CCH)
351 {
352 hr = STRSAFE_E_INVALID_PARAMETER;
353 }
354 else
355 {
356 hr = StringCopyWorkerA(pszDest, cchDest, pszSrc);
357 }
358
359 return hr;
360 }
361
362 STRSAFEAPI StringCbCopyW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc)
363 {
364 HRESULT hr;
365 size_t cchDest;
366
367 // convert to count of characters
368 cchDest = cbDest / sizeof(wchar_t);
369
370 if (cchDest > STRSAFE_MAX_CCH)
371 {
372 hr = STRSAFE_E_INVALID_PARAMETER;
373 }
374 else
375 {
376 hr = StringCopyWorkerW(pszDest, cchDest, pszSrc);
377 }
378
379 return hr;
380 }
381 #endif // STRSAFE_INLINE
382 #endif // !STRSAFE_NO_CB_FUNCTIONS
383
384
385 #ifndef STRSAFE_NO_CCH_FUNCTIONS
386 /*++
387
388 STDAPI
389 StringCchCopyEx(
390 OUT LPTSTR pszDest OPTIONAL,
391 IN size_t cchDest,
392 IN LPCTSTR pszSrc OPTIONAL,
393 OUT LPTSTR* ppszDestEnd OPTIONAL,
394 OUT size_t* pcchRemaining OPTIONAL,
395 IN DWORD dwFlags
396 );
397
398 Routine Description:
399
400 This routine is a safer version of the C built-in function 'strcpy' with
401 some additional parameters. In addition to functionality provided by
402 StringCchCopy, this routine also returns a pointer to the end of the
403 destination string and the number of characters left in the destination string
404 including the null terminator. The flags parameter allows additional controls.
405
406 Arguments:
407
408 pszDest - destination string
409
410 cchDest - size of destination buffer in characters.
411 length must be = (_tcslen(pszSrc) + 1) to hold all of
412 the source including the null terminator
413
414 pszSrc - source string which must be null terminated
415
416 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
417 pointer to the end of the destination string. If the
418 function copied any data, the result will point to the
419 null termination character
420
421 pcchRemaining - if pcchRemaining is non-null, the function will return the
422 number of characters left in the destination string,
423 including the null terminator
424
425 dwFlags - controls some details of the string copy:
426
427 STRSAFE_FILL_BEHIND_NULL
428 if the function succeeds, the low byte of dwFlags will be
429 used to fill the uninitialize part of destination buffer
430 behind the null terminator
431
432 STRSAFE_IGNORE_NULLS
433 treat NULL string pointers like empty strings (TEXT("")).
434 this flag is useful for emulating functions like lstrcpy
435
436 STRSAFE_FILL_ON_FAILURE
437 if the function fails, the low byte of dwFlags will be
438 used to fill all of the destination buffer, and it will
439 be null terminated. This will overwrite any truncated
440 string returned when the failure is
441 STRSAFE_E_INSUFFICIENT_BUFFER
442
443 STRSAFE_NO_TRUNCATION /
444 STRSAFE_NULL_ON_FAILURE
445 if the function fails, the destination buffer will be set
446 to the empty string. This will overwrite any truncated string
447 returned when the failure is STRSAFE_E_INSUFFICIENT_BUFFER.
448
449 Notes:
450 Behavior is undefined if source and destination strings overlap.
451
452 pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
453 is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
454 may be NULL. An error may still be returned even though NULLS are ignored
455 due to insufficient space.
456
457 Return Value:
458
459 S_OK - if there was source data and it was all copied and the
460 resultant dest string was null terminated
461
462 failure - you can use the macro HRESULT_CODE() to get a win32
463 error code for all hresult failure cases
464
465 STRSAFE_E_INSUFFICIENT_BUFFER /
466 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
467 - this return value is an indication that the copy
468 operation failed due to insufficient space. When this
469 error occurs, the destination buffer is modified to
470 contain a truncated version of the ideal result and is
471 null terminated. This is useful for situations where
472 truncation is ok.
473
474 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
475 return value of this function
476
477 --*/
478
479 STRSAFEAPI StringCchCopyExA(char* pszDest, size_t cchDest, const char* pszSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
480 STRSAFEAPI StringCchCopyExW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
481 #ifdef UNICODE
482 #define StringCchCopyEx StringCchCopyExW
483 #else
484 #define StringCchCopyEx StringCchCopyExA
485 #endif // !UNICODE
486
487 #ifdef STRSAFE_INLINE
488 STRSAFEAPI StringCchCopyExA(char* pszDest, size_t cchDest, const char* pszSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
489 {
490 HRESULT hr;
491
492 if (cchDest > STRSAFE_MAX_CCH)
493 {
494 hr = STRSAFE_E_INVALID_PARAMETER;
495 }
496 else
497 {
498 size_t cbDest;
499
500 // safe to multiply cchDest * sizeof(char) since cchDest < STRSAFE_MAX_CCH and sizeof(char) is 1
501 cbDest = cchDest * sizeof(char);
502
503 hr = StringCopyExWorkerA(pszDest, cchDest, cbDest, pszSrc, ppszDestEnd, pcchRemaining, dwFlags);
504 }
505
506 return hr;
507 }
508
509 STRSAFEAPI StringCchCopyExW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
510 {
511 HRESULT hr;
512
513 if (cchDest > STRSAFE_MAX_CCH)
514 {
515 hr = STRSAFE_E_INVALID_PARAMETER;
516 }
517 else
518 {
519 size_t cbDest;
520
521 // safe to multiply cchDest * sizeof(wchar_t) since cchDest < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
522 cbDest = cchDest * sizeof(wchar_t);
523
524 hr = StringCopyExWorkerW(pszDest, cchDest, cbDest, pszSrc, ppszDestEnd, pcchRemaining, dwFlags);
525 }
526
527 return hr;
528 }
529 #endif // STRSAFE_INLINE
530 #endif // !STRSAFE_NO_CCH_FUNCTIONS
531
532
533 #ifndef STRSAFE_NO_CB_FUNCTIONS
534 /*++
535
536 STDAPI
537 StringCbCopyEx(
538 OUT LPTSTR pszDest OPTIONAL,
539 IN size_t cbDest,
540 IN LPCTSTR pszSrc OPTIONAL,
541 OUT LPTSTR* ppszDestEnd OPTIONAL,
542 OUT size_t* pcbRemaining OPTIONAL,
543 IN DWORD dwFlags
544 );
545
546 Routine Description:
547
548 This routine is a safer version of the C built-in function 'strcpy' with
549 some additional parameters. In addition to functionality provided by
550 StringCbCopy, this routine also returns a pointer to the end of the
551 destination string and the number of bytes left in the destination string
552 including the null terminator. The flags parameter allows additional controls.
553
554 Arguments:
555
556 pszDest - destination string
557
558 cbDest - size of destination buffer in bytes.
559 length must be ((_tcslen(pszSrc) + 1) * sizeof(TCHAR)) to
560 hold all of the source including the null terminator
561
562 pszSrc - source string which must be null terminated
563
564 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
565 pointer to the end of the destination string. If the
566 function copied any data, the result will point to the
567 null termination character
568
569 pcbRemaining - pcbRemaining is non-null,the function will return the
570 number of bytes left in the destination string,
571 including the null terminator
572
573 dwFlags - controls some details of the string copy:
574
575 STRSAFE_FILL_BEHIND_NULL
576 if the function succeeds, the low byte of dwFlags will be
577 used to fill the uninitialize part of destination buffer
578 behind the null terminator
579
580 STRSAFE_IGNORE_NULLS
581 treat NULL string pointers like empty strings (TEXT("")).
582 this flag is useful for emulating functions like lstrcpy
583
584 STRSAFE_FILL_ON_FAILURE
585 if the function fails, the low byte of dwFlags will be
586 used to fill all of the destination buffer, and it will
587 be null terminated. This will overwrite any truncated
588 string returned when the failure is
589 STRSAFE_E_INSUFFICIENT_BUFFER
590
591 STRSAFE_NO_TRUNCATION /
592 STRSAFE_NULL_ON_FAILURE
593 if the function fails, the destination buffer will be set
594 to the empty string. This will overwrite any truncated string
595 returned when the failure is STRSAFE_E_INSUFFICIENT_BUFFER.
596
597 Notes:
598 Behavior is undefined if source and destination strings overlap.
599
600 pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
601 is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
602 may be NULL. An error may still be returned even though NULLS are ignored
603 due to insufficient space.
604
605 Return Value:
606
607 S_OK - if there was source data and it was all copied and the
608 resultant dest string was null terminated
609
610 failure - you can use the macro HRESULT_CODE() to get a win32
611 error code for all hresult failure cases
612
613 STRSAFE_E_INSUFFICIENT_BUFFER /
614 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
615 - this return value is an indication that the copy
616 operation failed due to insufficient space. When this
617 error occurs, the destination buffer is modified to
618 contain a truncated version of the ideal result and is
619 null terminated. This is useful for situations where
620 truncation is ok.
621
622 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
623 return value of this function
624
625 --*/
626
627 STRSAFEAPI StringCbCopyExA(char* pszDest, size_t cbDest, const char* pszSrc, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
628 STRSAFEAPI StringCbCopyExW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
629 #ifdef UNICODE
630 #define StringCbCopyEx StringCbCopyExW
631 #else
632 #define StringCbCopyEx StringCbCopyExA
633 #endif // !UNICODE
634
635 #ifdef STRSAFE_INLINE
636 STRSAFEAPI StringCbCopyExA(char* pszDest, size_t cbDest, const char* pszSrc, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
637 {
638 HRESULT hr;
639 size_t cchDest;
640 size_t cchRemaining = 0;
641
642 cchDest = cbDest / sizeof(char);
643
644 if (cchDest > STRSAFE_MAX_CCH)
645 {
646 hr = STRSAFE_E_INVALID_PARAMETER;
647 }
648 else
649 {
650 hr = StringCopyExWorkerA(pszDest, cchDest, cbDest, pszSrc, ppszDestEnd, &cchRemaining, dwFlags);
651 }
652
653 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
654 {
655 if (pcbRemaining)
656 {
657 // safe to multiply cchRemaining * sizeof(char) since cchRemaining < STRSAFE_MAX_CCH and sizeof(char) is 1
658 *pcbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
659 }
660 }
661
662 return hr;
663 }
664
665 STRSAFEAPI StringCbCopyExW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
666 {
667 HRESULT hr;
668 size_t cchDest;
669 size_t cchRemaining = 0;
670
671 cchDest = cbDest / sizeof(wchar_t);
672
673 if (cchDest > STRSAFE_MAX_CCH)
674 {
675 hr = STRSAFE_E_INVALID_PARAMETER;
676 }
677 else
678 {
679 hr = StringCopyExWorkerW(pszDest, cchDest, cbDest, pszSrc, ppszDestEnd, &cchRemaining, dwFlags);
680 }
681
682 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
683 {
684 if (pcbRemaining)
685 {
686 // safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
687 *pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
688 }
689 }
690
691 return hr;
692 }
693 #endif // STRSAFE_INLINE
694 #endif // !STRSAFE_NO_CB_FUNCTIONS
695
696
697 #ifndef STRSAFE_NO_CCH_FUNCTIONS
698 /*++
699
700 STDAPI
701 StringCchCopyN(
702 OUT LPTSTR pszDest,
703 IN size_t cchDest,
704 IN LPCTSTR pszSrc,
705 IN size_t cchSrc
706 );
707
708 Routine Description:
709
710 This routine is a safer version of the C built-in function 'strncpy'.
711 The size of the destination buffer (in characters) is a parameter and
712 this function will not write past the end of this buffer and it will
713 ALWAYS null terminate the destination buffer (unless it is zero length).
714
715 This routine is meant as a replacement for strncpy, but it does behave
716 differently. This function will not pad the destination buffer with extra
717 null termination characters if cchSrc is greater than the length of pszSrc.
718
719 This function returns a hresult, and not a pointer. It returns
720 S_OK if the entire string or the first cchSrc characters were copied
721 without truncation and the resultant destination string was null terminated,
722 otherwise it will return a failure code. In failure cases as much of pszSrc
723 will be copied to pszDest as possible, and pszDest will be null terminated.
724
725 Arguments:
726
727 pszDest - destination string
728
729 cchDest - size of destination buffer in characters.
730 length must be = (_tcslen(src) + 1) to hold all of the
731 source including the null terminator
732
733 pszSrc - source string
734
735 cchSrc - maximum number of characters to copy from source string,
736 not including the null terminator.
737
738 Notes:
739 Behavior is undefined if source and destination strings overlap.
740
741 pszDest and pszSrc should not be NULL. See StringCchCopyNEx if you require
742 the handling of NULL values.
743
744 Return Value:
745
746 S_OK - if there was source data and it was all copied and the
747 resultant dest string was null terminated
748
749 failure - you can use the macro HRESULT_CODE() to get a win32
750 error code for all hresult failure cases
751
752 STRSAFE_E_INSUFFICIENT_BUFFER /
753 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
754 - this return value is an indication that the copy
755 operation failed due to insufficient space. When this
756 error occurs, the destination buffer is modified to
757 contain a truncated version of the ideal result and is
758 null terminated. This is useful for situations where
759 truncation is ok
760
761 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
762 return value of this function.
763
764 --*/
765
766 STRSAFEAPI StringCchCopyNA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchSrc);
767 STRSAFEAPI StringCchCopyNW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchSrc);
768 #ifdef UNICODE
769 #define StringCchCopyN StringCchCopyNW
770 #else
771 #define StringCchCopyN StringCchCopyNA
772 #endif // !UNICODE
773
774 #ifdef STRSAFE_INLINE
775 STRSAFEAPI StringCchCopyNA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchSrc)
776 {
777 HRESULT hr;
778
779 if ((cchDest > STRSAFE_MAX_CCH) ||
780 (cchSrc > STRSAFE_MAX_CCH))
781 {
782 hr = STRSAFE_E_INVALID_PARAMETER;
783 }
784 else
785 {
786 hr = StringCopyNWorkerA(pszDest, cchDest, pszSrc, cchSrc);
787 }
788
789 return hr;
790 }
791
792 STRSAFEAPI StringCchCopyNW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchSrc)
793 {
794 HRESULT hr;
795
796 if ((cchDest > STRSAFE_MAX_CCH) ||
797 (cchSrc > STRSAFE_MAX_CCH))
798 {
799 hr = STRSAFE_E_INVALID_PARAMETER;
800 }
801 else
802 {
803 hr = StringCopyNWorkerW(pszDest, cchDest, pszSrc, cchSrc);
804 }
805
806 return hr;
807 }
808 #endif // STRSAFE_INLINE
809 #endif // !STRSAFE_NO_CCH_FUNCTIONS
810
811
812 #ifndef STRSAFE_NO_CB_FUNCTIONS
813 /*++
814
815 STDAPI
816 StringCbCopyN(
817 OUT LPTSTR pszDest,
818 IN size_t cbDest,
819 IN LPCTSTR pszSrc,
820 IN size_t cbSrc
821 );
822
823 Routine Description:
824
825 This routine is a safer version of the C built-in function 'strncpy'.
826 The size of the destination buffer (in bytes) is a parameter and this
827 function will not write past the end of this buffer and it will ALWAYS
828 null terminate the destination buffer (unless it is zero length).
829
830 This routine is meant as a replacement for strncpy, but it does behave
831 differently. This function will not pad the destination buffer with extra
832 null termination characters if cbSrc is greater than the size of pszSrc.
833
834 This function returns a hresult, and not a pointer. It returns
835 S_OK if the entire string or the first cbSrc characters were
836 copied without truncation and the resultant destination string was null
837 terminated, otherwise it will return a failure code. In failure cases as
838 much of pszSrc will be copied to pszDest as possible, and pszDest will be
839 null terminated.
840
841 Arguments:
842
843 pszDest - destination string
844
845 cbDest - size of destination buffer in bytes.
846 length must be = ((_tcslen(src) + 1) * sizeof(TCHAR)) to
847 hold all of the source including the null terminator
848
849 pszSrc - source string
850
851 cbSrc - maximum number of bytes to copy from source string,
852 not including the null terminator.
853
854 Notes:
855 Behavior is undefined if source and destination strings overlap.
856
857 pszDest and pszSrc should not be NULL. See StringCbCopyEx if you require
858 the handling of NULL values.
859
860 Return Value:
861
862 S_OK - if there was source data and it was all copied and the
863 resultant dest string was null terminated
864
865 failure - you can use the macro HRESULT_CODE() to get a win32
866 error code for all hresult failure cases
867
868 STRSAFE_E_INSUFFICIENT_BUFFER /
869 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
870 - this return value is an indication that the copy
871 operation failed due to insufficient space. When this
872 error occurs, the destination buffer is modified to
873 contain a truncated version of the ideal result and is
874 null terminated. This is useful for situations where
875 truncation is ok
876
877 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
878 return value of this function.
879
880 --*/
881
882 STRSAFEAPI StringCbCopyNA(char* pszDest, size_t cbDest, const char* pszSrc, size_t cbSrc);
883 STRSAFEAPI StringCbCopyNW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, size_t cbSrc);
884 #ifdef UNICODE
885 #define StringCbCopyN StringCbCopyNW
886 #else
887 #define StringCbCopyN StringCbCopyNA
888 #endif // !UNICODE
889
890 #ifdef STRSAFE_INLINE
891 STRSAFEAPI StringCbCopyNA(char* pszDest, size_t cbDest, const char* pszSrc, size_t cbSrc)
892 {
893 HRESULT hr;
894 size_t cchDest;
895 size_t cchSrc;
896
897 // convert to count of characters
898 cchDest = cbDest / sizeof(char);
899 cchSrc = cbSrc / sizeof(char);
900
901 if ((cchDest > STRSAFE_MAX_CCH) ||
902 (cchSrc > STRSAFE_MAX_CCH))
903 {
904 hr = STRSAFE_E_INVALID_PARAMETER;
905 }
906 else
907 {
908 hr = StringCopyNWorkerA(pszDest, cchDest, pszSrc, cchSrc);
909 }
910
911 return hr;
912 }
913
914 STRSAFEAPI StringCbCopyNW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, size_t cbSrc)
915 {
916 HRESULT hr;
917 size_t cchDest;
918 size_t cchSrc;
919
920 // convert to count of characters
921 cchDest = cbDest / sizeof(wchar_t);
922 cchSrc = cbSrc / sizeof(wchar_t);
923
924 if ((cchDest > STRSAFE_MAX_CCH) ||
925 (cchSrc > STRSAFE_MAX_CCH))
926 {
927 hr = STRSAFE_E_INVALID_PARAMETER;
928 }
929 else
930 {
931 hr = StringCopyNWorkerW(pszDest, cchDest, pszSrc, cchSrc);
932 }
933
934 return hr;
935 }
936 #endif // STRSAFE_INLINE
937 #endif // !STRSAFE_NO_CB_FUNCTIONS
938
939
940 #ifndef STRSAFE_NO_CCH_FUNCTIONS
941 /*++
942
943 STDAPI
944 StringCchCopyNEx(
945 OUT LPTSTR pszDest OPTIONAL,
946 IN size_t cchDest,
947 IN LPCTSTR pszSrc OPTIONAL,
948 IN size_t cchSrc,
949 OUT LPTSTR* ppszDestEnd OPTIONAL,
950 OUT size_t* pcchRemaining OPTIONAL,
951 IN DWORD dwFlags
952 );
953
954 Routine Description:
955
956 This routine is a safer version of the C built-in function 'strncpy' with
957 some additional parameters. In addition to functionality provided by
958 StringCchCopyN, this routine also returns a pointer to the end of the
959 destination string and the number of characters left in the destination
960 string including the null terminator. The flags parameter allows
961 additional controls.
962
963 This routine is meant as a replacement for strncpy, but it does behave
964 differently. This function will not pad the destination buffer with extra
965 null termination characters if cchSrc is greater than the length of pszSrc.
966
967 Arguments:
968
969 pszDest - destination string
970
971 cchDest - size of destination buffer in characters.
972 length must be = (_tcslen(pszSrc) + 1) to hold all of
973 the source including the null terminator
974
975 pszSrc - source string
976
977 cchSrc - maximum number of characters to copy from the source
978 string
979
980 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
981 pointer to the end of the destination string. If the
982 function copied any data, the result will point to the
983 null termination character
984
985 pcchRemaining - if pcchRemaining is non-null, the function will return the
986 number of characters left in the destination string,
987 including the null terminator
988
989 dwFlags - controls some details of the string copy:
990
991 STRSAFE_FILL_BEHIND_NULL
992 if the function succeeds, the low byte of dwFlags will be
993 used to fill the uninitialize part of destination buffer
994 behind the null terminator
995
996 STRSAFE_IGNORE_NULLS
997 treat NULL string pointers like empty strings (TEXT("")).
998 this flag is useful for emulating functions like lstrcpy
999
1000 STRSAFE_FILL_ON_FAILURE
1001 if the function fails, the low byte of dwFlags will be
1002 used to fill all of the destination buffer, and it will
1003 be null terminated. This will overwrite any truncated
1004 string returned when the failure is
1005 STRSAFE_E_INSUFFICIENT_BUFFER
1006
1007 STRSAFE_NO_TRUNCATION /
1008 STRSAFE_NULL_ON_FAILURE
1009 if the function fails, the destination buffer will be set
1010 to the empty string. This will overwrite any truncated string
1011 returned when the failure is STRSAFE_E_INSUFFICIENT_BUFFER.
1012
1013 Notes:
1014 Behavior is undefined if source and destination strings overlap.
1015
1016 pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
1017 is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
1018 may be NULL. An error may still be returned even though NULLS are ignored
1019 due to insufficient space.
1020
1021 Return Value:
1022
1023 S_OK - if there was source data and it was all copied and the
1024 resultant dest string was null terminated
1025
1026 failure - you can use the macro HRESULT_CODE() to get a win32
1027 error code for all hresult failure cases
1028
1029 STRSAFE_E_INSUFFICIENT_BUFFER /
1030 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
1031 - this return value is an indication that the copy
1032 operation failed due to insufficient space. When this
1033 error occurs, the destination buffer is modified to
1034 contain a truncated version of the ideal result and is
1035 null terminated. This is useful for situations where
1036 truncation is ok.
1037
1038 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
1039 return value of this function
1040
1041 --*/
1042
1043 STRSAFEAPI StringCchCopyNExA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
1044 STRSAFEAPI StringCchCopyNExW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
1045 #ifdef UNICODE
1046 #define StringCchCopyNEx StringCchCopyNExW
1047 #else
1048 #define StringCchCopyNEx StringCchCopyNExA
1049 #endif // !UNICODE
1050
1051 #ifdef STRSAFE_INLINE
1052 STRSAFEAPI StringCchCopyNExA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
1053 {
1054 HRESULT hr;
1055
1056 if ((cchDest > STRSAFE_MAX_CCH) ||
1057 (cchSrc > STRSAFE_MAX_CCH))
1058 {
1059 hr = STRSAFE_E_INVALID_PARAMETER;
1060 }
1061 else
1062 {
1063 size_t cbDest;
1064
1065 // safe to multiply cchDest * sizeof(char) since cchDest < STRSAFE_MAX_CCH and sizeof(char) is 1
1066 cbDest = cchDest * sizeof(char);
1067
1068 hr = StringCopyNExWorkerA(pszDest, cchDest, cbDest, pszSrc, cchSrc, ppszDestEnd, pcchRemaining, dwFlags);
1069 }
1070
1071 return hr;
1072 }
1073
1074 STRSAFEAPI StringCchCopyNExW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
1075 {
1076 HRESULT hr;
1077
1078 if ((cchDest > STRSAFE_MAX_CCH) ||
1079 (cchSrc > STRSAFE_MAX_CCH))
1080 {
1081 hr = STRSAFE_E_INVALID_PARAMETER;
1082 }
1083 else
1084 {
1085 size_t cbDest;
1086
1087 // safe to multiply cchDest * sizeof(wchar_t) since cchDest < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
1088 cbDest = cchDest * sizeof(wchar_t);
1089
1090 hr = StringCopyNExWorkerW(pszDest, cchDest, cbDest, pszSrc, cchSrc, ppszDestEnd, pcchRemaining, dwFlags);
1091 }
1092
1093 return hr;
1094 }
1095 #endif // STRSAFE_INLINE
1096 #endif // !STRSAFE_NO_CCH_FUNCTIONS
1097
1098
1099 #ifndef STRSAFE_NO_CB_FUNCTIONS
1100 /*++
1101
1102 STDAPI
1103 StringCbCopyNEx(
1104 OUT LPTSTR pszDest OPTIONAL,
1105 IN size_t cbDest,
1106 IN LPCTSTR pszSrc OPTIONAL,
1107 IN size_t cbSrc,
1108 OUT LPTSTR* ppszDestEnd OPTIONAL,
1109 OUT size_t* pcbRemaining OPTIONAL,
1110 IN DWORD dwFlags
1111 );
1112
1113 Routine Description:
1114
1115 This routine is a safer version of the C built-in function 'strncpy' with
1116 some additional parameters. In addition to functionality provided by
1117 StringCbCopyN, this routine also returns a pointer to the end of the
1118 destination string and the number of bytes left in the destination string
1119 including the null terminator. The flags parameter allows additional controls.
1120
1121 This routine is meant as a replacement for strncpy, but it does behave
1122 differently. This function will not pad the destination buffer with extra
1123 null termination characters if cbSrc is greater than the size of pszSrc.
1124
1125 Arguments:
1126
1127 pszDest - destination string
1128
1129 cbDest - size of destination buffer in bytes.
1130 length must be ((_tcslen(pszSrc) + 1) * sizeof(TCHAR)) to
1131 hold all of the source including the null terminator
1132
1133 pszSrc - source string
1134
1135 cbSrc - maximum number of bytes to copy from source string
1136
1137 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
1138 pointer to the end of the destination string. If the
1139 function copied any data, the result will point to the
1140 null termination character
1141
1142 pcbRemaining - pcbRemaining is non-null,the function will return the
1143 number of bytes left in the destination string,
1144 including the null terminator
1145
1146 dwFlags - controls some details of the string copy:
1147
1148 STRSAFE_FILL_BEHIND_NULL
1149 if the function succeeds, the low byte of dwFlags will be
1150 used to fill the uninitialize part of destination buffer
1151 behind the null terminator
1152
1153 STRSAFE_IGNORE_NULLS
1154 treat NULL string pointers like empty strings (TEXT("")).
1155 this flag is useful for emulating functions like lstrcpy
1156
1157 STRSAFE_FILL_ON_FAILURE
1158 if the function fails, the low byte of dwFlags will be
1159 used to fill all of the destination buffer, and it will
1160 be null terminated. This will overwrite any truncated
1161 string returned when the failure is
1162 STRSAFE_E_INSUFFICIENT_BUFFER
1163
1164 STRSAFE_NO_TRUNCATION /
1165 STRSAFE_NULL_ON_FAILURE
1166 if the function fails, the destination buffer will be set
1167 to the empty string. This will overwrite any truncated string
1168 returned when the failure is STRSAFE_E_INSUFFICIENT_BUFFER.
1169
1170 Notes:
1171 Behavior is undefined if source and destination strings overlap.
1172
1173 pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
1174 is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
1175 may be NULL. An error may still be returned even though NULLS are ignored
1176 due to insufficient space.
1177
1178 Return Value:
1179
1180 S_OK - if there was source data and it was all copied and the
1181 resultant dest string was null terminated
1182
1183 failure - you can use the macro HRESULT_CODE() to get a win32
1184 error code for all hresult failure cases
1185
1186 STRSAFE_E_INSUFFICIENT_BUFFER /
1187 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
1188 - this return value is an indication that the copy
1189 operation failed due to insufficient space. When this
1190 error occurs, the destination buffer is modified to
1191 contain a truncated version of the ideal result and is
1192 null terminated. This is useful for situations where
1193 truncation is ok.
1194
1195 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
1196 return value of this function
1197
1198 --*/
1199
1200 STRSAFEAPI StringCbCopyNExA(char* pszDest, size_t cbDest, const char* pszSrc, size_t cbSrc, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
1201 STRSAFEAPI StringCbCopyNExW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, size_t cbSrc, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
1202 #ifdef UNICODE
1203 #define StringCbCopyNEx StringCbCopyNExW
1204 #else
1205 #define StringCbCopyNEx StringCbCopyNExA
1206 #endif // !UNICODE
1207
1208 #ifdef STRSAFE_INLINE
1209 STRSAFEAPI StringCbCopyNExA(char* pszDest, size_t cbDest, const char* pszSrc, size_t cbSrc, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
1210 {
1211 HRESULT hr;
1212 size_t cchDest;
1213 size_t cchSrc;
1214 size_t cchRemaining = 0;
1215
1216 cchDest = cbDest / sizeof(char);
1217 cchSrc = cbSrc / sizeof(char);
1218
1219 if ((cchDest > STRSAFE_MAX_CCH) ||
1220 (cchSrc > STRSAFE_MAX_CCH))
1221 {
1222 hr = STRSAFE_E_INVALID_PARAMETER;
1223 }
1224 else
1225 {
1226 hr = StringCopyNExWorkerA(pszDest, cchDest, cbDest, pszSrc, cchSrc, ppszDestEnd, &cchRemaining, dwFlags);
1227 }
1228
1229 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
1230 {
1231 if (pcbRemaining)
1232 {
1233 // safe to multiply cchRemaining * sizeof(char) since cchRemaining < STRSAFE_MAX_CCH and sizeof(char) is 1
1234 *pcbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
1235 }
1236 }
1237
1238 return hr;
1239 }
1240
1241 STRSAFEAPI StringCbCopyNExW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, size_t cbSrc, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
1242 {
1243 HRESULT hr;
1244 size_t cchDest;
1245 size_t cchSrc;
1246 size_t cchRemaining = 0;
1247
1248 cchDest = cbDest / sizeof(wchar_t);
1249 cchSrc = cbSrc / sizeof(wchar_t);
1250
1251 if ((cchDest > STRSAFE_MAX_CCH) ||
1252 (cchSrc > STRSAFE_MAX_CCH))
1253 {
1254 hr = STRSAFE_E_INVALID_PARAMETER;
1255 }
1256 else
1257 {
1258 hr = StringCopyNExWorkerW(pszDest, cchDest, cbDest, pszSrc, cchSrc, ppszDestEnd, &cchRemaining, dwFlags);
1259 }
1260
1261 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
1262 {
1263 if (pcbRemaining)
1264 {
1265 // safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
1266 *pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
1267 }
1268 }
1269
1270 return hr;
1271 }
1272 #endif // STRSAFE_INLINE
1273 #endif // !STRSAFE_NO_CB_FUNCTIONS
1274
1275
1276 #ifndef STRSAFE_NO_CCH_FUNCTIONS
1277 /*++
1278
1279 STDAPI
1280 StringCchCat(
1281 IN OUT LPTSTR pszDest,
1282 IN size_t cchDest,
1283 IN LPCTSTR pszSrc
1284 );
1285
1286 Routine Description:
1287
1288 This routine is a safer version of the C built-in function 'strcat'.
1289 The size of the destination buffer (in characters) is a parameter and this
1290 function will not write past the end of this buffer and it will ALWAYS
1291 null terminate the destination buffer (unless it is zero length).
1292
1293 This function returns a hresult, and not a pointer. It returns
1294 S_OK if the string was concatenated without truncation and null terminated,
1295 otherwise it will return a failure code. In failure cases as much of pszSrc
1296 will be appended to pszDest as possible, and pszDest will be null
1297 terminated.
1298
1299 Arguments:
1300
1301 pszDest - destination string which must be null terminated
1302
1303 cchDest - size of destination buffer in characters.
1304 length must be = (_tcslen(pszDest) + _tcslen(pszSrc) + 1)
1305 to hold all of the combine string plus the null
1306 terminator
1307
1308 pszSrc - source string which must be null terminated
1309
1310 Notes:
1311 Behavior is undefined if source and destination strings overlap.
1312
1313 pszDest and pszSrc should not be NULL. See StringCchCatEx if you require
1314 the handling of NULL values.
1315
1316 Return Value:
1317
1318 S_OK - if there was source data and it was all concatenated and
1319 the resultant dest string was null terminated
1320
1321 failure - you can use the macro HRESULT_CODE() to get a win32
1322 error code for all hresult failure cases
1323
1324 STRSAFE_E_INSUFFICIENT_BUFFER /
1325 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
1326 - this return value is an indication that the operation
1327 failed due to insufficient space. When this error occurs,
1328 the destination buffer is modified to contain a truncated
1329 version of the ideal result and is null terminated. This
1330 is useful for situations where truncation is ok.
1331
1332 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
1333 return value of this function
1334
1335 --*/
1336
1337 STRSAFEAPI StringCchCatA(char* pszDest, size_t cchDest, const char* pszSrc);
1338 STRSAFEAPI StringCchCatW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc);
1339 #ifdef UNICODE
1340 #define StringCchCat StringCchCatW
1341 #else
1342 #define StringCchCat StringCchCatA
1343 #endif // !UNICODE
1344
1345 #ifdef STRSAFE_INLINE
1346 STRSAFEAPI StringCchCatA(char* pszDest, size_t cchDest, const char* pszSrc)
1347 {
1348 HRESULT hr;
1349
1350 if (cchDest > STRSAFE_MAX_CCH)
1351 {
1352 hr = STRSAFE_E_INVALID_PARAMETER;
1353 }
1354 else
1355 {
1356 hr = StringCatWorkerA(pszDest, cchDest, pszSrc);
1357 }
1358
1359 return hr;
1360 }
1361
1362 STRSAFEAPI StringCchCatW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc)
1363 {
1364 HRESULT hr;
1365
1366 if (cchDest > STRSAFE_MAX_CCH)
1367 {
1368 hr = STRSAFE_E_INVALID_PARAMETER;
1369 }
1370 else
1371 {
1372 hr = StringCatWorkerW(pszDest, cchDest, pszSrc);
1373 }
1374
1375 return hr;
1376 }
1377 #endif // STRSAFE_INLINE
1378 #endif // !STRSAFE_NO_CCH_FUNCTIONS
1379
1380
1381 #ifndef STRSAFE_NO_CB_FUNCTIONS
1382 /*++
1383
1384 STDAPI
1385 StringCbCat(
1386 IN OUT LPTSTR pszDest,
1387 IN size_t cbDest,
1388 IN LPCTSTR pszSrc
1389 );
1390
1391 Routine Description:
1392
1393 This routine is a safer version of the C built-in function 'strcat'.
1394 The size of the destination buffer (in bytes) is a parameter and this
1395 function will not write past the end of this buffer and it will ALWAYS
1396 null terminate the destination buffer (unless it is zero length).
1397
1398 This function returns a hresult, and not a pointer. It returns
1399 S_OK if the string was concatenated without truncation and null terminated,
1400 otherwise it will return a failure code. In failure cases as much of pszSrc
1401 will be appended to pszDest as possible, and pszDest will be null
1402 terminated.
1403
1404 Arguments:
1405
1406 pszDest - destination string which must be null terminated
1407
1408 cbDest - size of destination buffer in bytes.
1409 length must be = ((_tcslen(pszDest) + _tcslen(pszSrc) + 1) * sizeof(TCHAR)
1410 to hold all of the combine string plus the null
1411 terminator
1412
1413 pszSrc - source string which must be null terminated
1414
1415 Notes:
1416 Behavior is undefined if source and destination strings overlap.
1417
1418 pszDest and pszSrc should not be NULL. See StringCbCatEx if you require
1419 the handling of NULL values.
1420
1421 Return Value:
1422
1423 S_OK - if there was source data and it was all concatenated and
1424 the resultant dest string was null terminated
1425
1426 failure - you can use the macro HRESULT_CODE() to get a win32
1427 error code for all hresult failure cases
1428
1429 STRSAFE_E_INSUFFICIENT_BUFFER /
1430 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
1431 - this return value is an indication that the operation
1432 failed due to insufficient space. When this error occurs,
1433 the destination buffer is modified to contain a truncated
1434 version of the ideal result and is null terminated. This
1435 is useful for situations where truncation is ok.
1436
1437 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
1438 return value of this function
1439
1440 --*/
1441
1442 STRSAFEAPI StringCbCatA(char* pszDest, size_t cbDest, const char* pszSrc);
1443 STRSAFEAPI StringCbCatW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc);
1444 #ifdef UNICODE
1445 #define StringCbCat StringCbCatW
1446 #else
1447 #define StringCbCat StringCbCatA
1448 #endif // !UNICODE
1449
1450 #ifdef STRSAFE_INLINE
1451 STRSAFEAPI StringCbCatA(char* pszDest, size_t cbDest, const char* pszSrc)
1452 {
1453 HRESULT hr;
1454 size_t cchDest;
1455
1456 cchDest = cbDest / sizeof(char);
1457
1458 if (cchDest > STRSAFE_MAX_CCH)
1459 {
1460 hr = STRSAFE_E_INVALID_PARAMETER;
1461 }
1462 else
1463 {
1464 hr = StringCatWorkerA(pszDest, cchDest, pszSrc);
1465 }
1466
1467 return hr;
1468 }
1469
1470 STRSAFEAPI StringCbCatW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc)
1471 {
1472 HRESULT hr;
1473 size_t cchDest;
1474
1475 cchDest = cbDest / sizeof(wchar_t);
1476
1477 if (cchDest > STRSAFE_MAX_CCH)
1478 {
1479 hr = STRSAFE_E_INVALID_PARAMETER;
1480 }
1481 else
1482 {
1483 hr = StringCatWorkerW(pszDest, cchDest, pszSrc);
1484 }
1485
1486 return hr;
1487 }
1488 #endif // STRSAFE_INLINE
1489 #endif // !STRSAFE_NO_CB_FUNCTIONS
1490
1491
1492 #ifndef STRSAFE_NO_CCH_FUNCTIONS
1493 /*++
1494
1495 STDAPI
1496 StringCchCatEx(
1497 IN OUT LPTSTR pszDest OPTIONAL,
1498 IN size_t cchDest,
1499 IN LPCTSTR pszSrc OPTIONAL,
1500 OUT LPTSTR* ppszDestEnd OPTIONAL,
1501 OUT size_t* pcchRemaining OPTIONAL,
1502 IN DWORD dwFlags
1503 );
1504
1505 Routine Description:
1506
1507 This routine is a safer version of the C built-in function 'strcat' with
1508 some additional parameters. In addition to functionality provided by
1509 StringCchCat, this routine also returns a pointer to the end of the
1510 destination string and the number of characters left in the destination string
1511 including the null terminator. The flags parameter allows additional controls.
1512
1513 Arguments:
1514
1515 pszDest - destination string which must be null terminated
1516
1517 cchDest - size of destination buffer in characters
1518 length must be (_tcslen(pszDest) + _tcslen(pszSrc) + 1)
1519 to hold all of the combine string plus the null
1520 terminator.
1521
1522 pszSrc - source string which must be null terminated
1523
1524 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
1525 pointer to the end of the destination string. If the
1526 function appended any data, the result will point to the
1527 null termination character
1528
1529 pcchRemaining - if pcchRemaining is non-null, the function will return the
1530 number of characters left in the destination string,
1531 including the null terminator
1532
1533 dwFlags - controls some details of the string copy:
1534
1535 STRSAFE_FILL_BEHIND_NULL
1536 if the function succeeds, the low byte of dwFlags will be
1537 used to fill the uninitialize part of destination buffer
1538 behind the null terminator
1539
1540 STRSAFE_IGNORE_NULLS
1541 treat NULL string pointers like empty strings (TEXT("")).
1542 this flag is useful for emulating functions like lstrcat
1543
1544 STRSAFE_FILL_ON_FAILURE
1545 if the function fails, the low byte of dwFlags will be
1546 used to fill all of the destination buffer, and it will
1547 be null terminated. This will overwrite any pre-existing
1548 or truncated string
1549
1550 STRSAFE_NULL_ON_FAILURE
1551 if the function fails, the destination buffer will be set
1552 to the empty string. This will overwrite any pre-existing or
1553 truncated string
1554
1555 STRSAFE_NO_TRUNCATION
1556 if the function returns STRSAFE_E_INSUFFICIENT_BUFFER, pszDest
1557 will not contain a truncated string, it will remain unchanged.
1558
1559 Notes:
1560 Behavior is undefined if source and destination strings overlap.
1561
1562 pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
1563 is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
1564 may be NULL. An error may still be returned even though NULLS are ignored
1565 due to insufficient space.
1566
1567 Return Value:
1568
1569 S_OK - if there was source data and it was all concatenated and
1570 the resultant dest string was null terminated
1571
1572 failure - you can use the macro HRESULT_CODE() to get a win32
1573 error code for all hresult failure cases
1574
1575 STRSAFE_E_INSUFFICIENT_BUFFER /
1576 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
1577 - this return value is an indication that the operation
1578 failed due to insufficient space. When this error
1579 occurs, the destination buffer is modified to contain
1580 a truncated version of the ideal result and is null
1581 terminated. This is useful for situations where
1582 truncation is ok.
1583
1584 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
1585 return value of this function
1586
1587 --*/
1588
1589 STRSAFEAPI StringCchCatExA(char* pszDest, size_t cchDest, const char* pszSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
1590 STRSAFEAPI StringCchCatExW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
1591 #ifdef UNICODE
1592 #define StringCchCatEx StringCchCatExW
1593 #else
1594 #define StringCchCatEx StringCchCatExA
1595 #endif // !UNICODE
1596
1597 #ifdef STRSAFE_INLINE
1598 STRSAFEAPI StringCchCatExA(char* pszDest, size_t cchDest, const char* pszSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
1599 {
1600 HRESULT hr;
1601
1602 if (cchDest > STRSAFE_MAX_CCH)
1603 {
1604 hr = STRSAFE_E_INVALID_PARAMETER;
1605 }
1606 else
1607 {
1608 size_t cbDest;
1609
1610 // safe to multiply cchDest * sizeof(char) since cchDest < STRSAFE_MAX_CCH and sizeof(char) is 1
1611 cbDest = cchDest * sizeof(char);
1612
1613 hr = StringCatExWorkerA(pszDest, cchDest, cbDest, pszSrc, ppszDestEnd, pcchRemaining, dwFlags);
1614 }
1615
1616 return hr;
1617 }
1618
1619 STRSAFEAPI StringCchCatExW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
1620 {
1621 HRESULT hr;
1622
1623 if (cchDest > STRSAFE_MAX_CCH)
1624 {
1625 hr = STRSAFE_E_INVALID_PARAMETER;
1626 }
1627 else
1628 {
1629 size_t cbDest;
1630
1631 // safe to multiply cchDest * sizeof(wchar_t) since cchDest < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
1632 cbDest = cchDest * sizeof(wchar_t);
1633
1634 hr = StringCatExWorkerW(pszDest, cchDest, cbDest, pszSrc, ppszDestEnd, pcchRemaining, dwFlags);
1635 }
1636
1637 return hr;
1638 }
1639 #endif // STRSAFE_INLINE
1640 #endif // !STRSAFE_NO_CCH_FUNCTIONS
1641
1642
1643 #ifndef STRSAFE_NO_CB_FUNCTIONS
1644 /*++
1645
1646 STDAPI
1647 StringCbCatEx(
1648 IN OUT LPTSTR pszDest OPTIONAL,
1649 IN size_t cbDest,
1650 IN LPCTSTR pszSrc OPTIONAL,
1651 OUT LPTSTR* ppszDestEnd OPTIONAL,
1652 OUT size_t* pcbRemaining OPTIONAL,
1653 IN DWORD dwFlags
1654 );
1655
1656 Routine Description:
1657
1658 This routine is a safer version of the C built-in function 'strcat' with
1659 some additional parameters. In addition to functionality provided by
1660 StringCbCat, this routine also returns a pointer to the end of the
1661 destination string and the number of bytes left in the destination string
1662 including the null terminator. The flags parameter allows additional controls.
1663
1664 Arguments:
1665
1666 pszDest - destination string which must be null terminated
1667
1668 cbDest - size of destination buffer in bytes.
1669 length must be ((_tcslen(pszDest) + _tcslen(pszSrc) + 1) * sizeof(TCHAR)
1670 to hold all of the combine string plus the null
1671 terminator.
1672
1673 pszSrc - source string which must be null terminated
1674
1675 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
1676 pointer to the end of the destination string. If the
1677 function appended any data, the result will point to the
1678 null termination character
1679
1680 pcbRemaining - if pcbRemaining is non-null, the function will return
1681 the number of bytes left in the destination string,
1682 including the null terminator
1683
1684 dwFlags - controls some details of the string copy:
1685
1686 STRSAFE_FILL_BEHIND_NULL
1687 if the function succeeds, the low byte of dwFlags will be
1688 used to fill the uninitialize part of destination buffer
1689 behind the null terminator
1690
1691 STRSAFE_IGNORE_NULLS
1692 treat NULL string pointers like empty strings (TEXT("")).
1693 this flag is useful for emulating functions like lstrcat
1694
1695 STRSAFE_FILL_ON_FAILURE
1696 if the function fails, the low byte of dwFlags will be
1697 used to fill all of the destination buffer, and it will
1698 be null terminated. This will overwrite any pre-existing
1699 or truncated string
1700
1701 STRSAFE_NULL_ON_FAILURE
1702 if the function fails, the destination buffer will be set
1703 to the empty string. This will overwrite any pre-existing or
1704 truncated string
1705
1706 STRSAFE_NO_TRUNCATION
1707 if the function returns STRSAFE_E_INSUFFICIENT_BUFFER, pszDest
1708 will not contain a truncated string, it will remain unchanged.
1709
1710 Notes:
1711 Behavior is undefined if source and destination strings overlap.
1712
1713 pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
1714 is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
1715 may be NULL. An error may still be returned even though NULLS are ignored
1716 due to insufficient space.
1717
1718 Return Value:
1719
1720 S_OK - if there was source data and it was all concatenated
1721 and the resultant dest string was null terminated
1722
1723 failure - you can use the macro HRESULT_CODE() to get a win32
1724 error code for all hresult failure cases
1725
1726 STRSAFE_E_INSUFFICIENT_BUFFER /
1727 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
1728 - this return value is an indication that the operation
1729 failed due to insufficient space. When this error
1730 occurs, the destination buffer is modified to contain
1731 a truncated version of the ideal result and is null
1732 terminated. This is useful for situations where
1733 truncation is ok.
1734
1735 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
1736 return value of this function
1737
1738 --*/
1739
1740 STRSAFEAPI StringCbCatExA(char* pszDest, size_t cbDest, const char* pszSrc, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
1741 STRSAFEAPI StringCbCatExW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
1742 #ifdef UNICODE
1743 #define StringCbCatEx StringCbCatExW
1744 #else
1745 #define StringCbCatEx StringCbCatExA
1746 #endif // !UNICODE
1747
1748 #ifdef STRSAFE_INLINE
1749 STRSAFEAPI StringCbCatExA(char* pszDest, size_t cbDest, const char* pszSrc, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
1750 {
1751 HRESULT hr;
1752 size_t cchDest;
1753 size_t cchRemaining = 0;
1754
1755 cchDest = cbDest / sizeof(char);
1756
1757 if (cchDest > STRSAFE_MAX_CCH)
1758 {
1759 hr = STRSAFE_E_INVALID_PARAMETER;
1760 }
1761 else
1762 {
1763 hr = StringCatExWorkerA(pszDest, cchDest, cbDest, pszSrc, ppszDestEnd, &cchRemaining, dwFlags);
1764 }
1765
1766 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
1767 {
1768 if (pcbRemaining)
1769 {
1770 // safe to multiply cchRemaining * sizeof(char) since cchRemaining < STRSAFE_MAX_CCH and sizeof(char) is 1
1771 *pcbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
1772 }
1773 }
1774
1775 return hr;
1776 }
1777
1778 STRSAFEAPI StringCbCatExW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
1779 {
1780 HRESULT hr;
1781 size_t cchDest;
1782 size_t cchRemaining = 0;
1783
1784 cchDest = cbDest / sizeof(wchar_t);
1785
1786 if (cchDest > STRSAFE_MAX_CCH)
1787 {
1788 hr = STRSAFE_E_INVALID_PARAMETER;
1789 }
1790 else
1791 {
1792 hr = StringCatExWorkerW(pszDest, cchDest, cbDest, pszSrc, ppszDestEnd, &cchRemaining, dwFlags);
1793 }
1794
1795 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
1796 {
1797 if (pcbRemaining)
1798 {
1799 // safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
1800 *pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
1801 }
1802 }
1803
1804 return hr;
1805 }
1806 #endif // STRSAFE_INLINE
1807 #endif // !STRSAFE_NO_CB_FUNCTIONS
1808
1809
1810 #ifndef STRSAFE_NO_CCH_FUNCTIONS
1811 /*++
1812
1813 STDAPI
1814 StringCchCatN(
1815 IN OUT LPTSTR pszDest,
1816 IN size_t cchDest,
1817 IN LPCTSTR pszSrc,
1818 IN size_t cchMaxAppend
1819 );
1820
1821 Routine Description:
1822
1823 This routine is a safer version of the C built-in function 'strncat'.
1824 The size of the destination buffer (in characters) is a parameter as well as
1825 the maximum number of characters to append, excluding the null terminator.
1826 This function will not write past the end of the destination buffer and it will
1827 ALWAYS null terminate pszDest (unless it is zero length).
1828
1829 This function returns a hresult, and not a pointer. It returns
1830 S_OK if all of pszSrc or the first cchMaxAppend characters were appended
1831 to the destination string and it was null terminated, otherwise it will
1832 return a failure code. In failure cases as much of pszSrc will be appended
1833 to pszDest as possible, and pszDest will be null terminated.
1834
1835 Arguments:
1836
1837 pszDest - destination string which must be null terminated
1838
1839 cchDest - size of destination buffer in characters.
1840 length must be (_tcslen(pszDest) + min(cchMaxAppend, _tcslen(pszSrc)) + 1)
1841 to hold all of the combine string plus the null
1842 terminator.
1843
1844 pszSrc - source string
1845
1846 cchMaxAppend - maximum number of characters to append
1847
1848 Notes:
1849 Behavior is undefined if source and destination strings overlap.
1850
1851 pszDest and pszSrc should not be NULL. See StringCchCatNEx if you require
1852 the handling of NULL values.
1853
1854 Return Value:
1855
1856 S_OK - if all of pszSrc or the first cchMaxAppend characters
1857 were concatenated to pszDest and the resultant dest
1858 string was null terminated
1859
1860 failure - you can use the macro HRESULT_CODE() to get a win32
1861 error code for all hresult failure cases
1862
1863 STRSAFE_E_INSUFFICIENT_BUFFER /
1864 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
1865 - this return value is an indication that the operation
1866 failed due to insufficient space. When this error
1867 occurs, the destination buffer is modified to contain
1868 a truncated version of the ideal result and is null
1869 terminated. This is useful for situations where
1870 truncation is ok.
1871
1872 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
1873 return value of this function
1874
1875 --*/
1876
1877 STRSAFEAPI StringCchCatNA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchMaxAppend);
1878 STRSAFEAPI StringCchCatNW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchMaxAppend);
1879 #ifdef UNICODE
1880 #define StringCchCatN StringCchCatNW
1881 #else
1882 #define StringCchCatN StringCchCatNA
1883 #endif // !UNICODE
1884
1885 #ifdef STRSAFE_INLINE
1886 STRSAFEAPI StringCchCatNA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchMaxAppend)
1887 {
1888 HRESULT hr;
1889
1890 if (cchDest > STRSAFE_MAX_CCH)
1891 {
1892 hr = STRSAFE_E_INVALID_PARAMETER;
1893 }
1894 else
1895 {
1896 hr = StringCatNWorkerA(pszDest, cchDest, pszSrc, cchMaxAppend);
1897 }
1898
1899 return hr;
1900 }
1901
1902 STRSAFEAPI StringCchCatNW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchMaxAppend)
1903 {
1904 HRESULT hr;
1905
1906 if (cchDest > STRSAFE_MAX_CCH)
1907 {
1908 hr = STRSAFE_E_INVALID_PARAMETER;
1909 }
1910 else
1911 {
1912 hr = StringCatNWorkerW(pszDest, cchDest, pszSrc, cchMaxAppend);
1913 }
1914
1915 return hr;
1916 }
1917 #endif // STRSAFE_INLINE
1918 #endif // !STRSAFE_NO_CCH_FUNCTIONS
1919
1920
1921 #ifndef STRSAFE_NO_CB_FUNCTIONS
1922 /*++
1923
1924 STDAPI
1925 StringCbCatN(
1926 IN OUT LPTSTR pszDest,
1927 IN size_t cbDest,
1928 IN LPCTSTR pszSrc,
1929 IN size_t cbMaxAppend
1930 );
1931
1932 Routine Description:
1933
1934 This routine is a safer version of the C built-in function 'strncat'.
1935 The size of the destination buffer (in bytes) is a parameter as well as
1936 the maximum number of bytes to append, excluding the null terminator.
1937 This function will not write past the end of the destination buffer and it will
1938 ALWAYS null terminate pszDest (unless it is zero length).
1939
1940 This function returns a hresult, and not a pointer. It returns
1941 S_OK if all of pszSrc or the first cbMaxAppend bytes were appended
1942 to the destination string and it was null terminated, otherwise it will
1943 return a failure code. In failure cases as much of pszSrc will be appended
1944 to pszDest as possible, and pszDest will be null terminated.
1945
1946 Arguments:
1947
1948 pszDest - destination string which must be null terminated
1949
1950 cbDest - size of destination buffer in bytes.
1951 length must be ((_tcslen(pszDest) + min(cbMaxAppend / sizeof(TCHAR), _tcslen(pszSrc)) + 1) * sizeof(TCHAR)
1952 to hold all of the combine string plus the null
1953 terminator.
1954
1955 pszSrc - source string
1956
1957 cbMaxAppend - maximum number of bytes to append
1958
1959 Notes:
1960 Behavior is undefined if source and destination strings overlap.
1961
1962 pszDest and pszSrc should not be NULL. See StringCbCatNEx if you require
1963 the handling of NULL values.
1964
1965 Return Value:
1966
1967 S_OK - if all of pszSrc or the first cbMaxAppend bytes were
1968 concatenated to pszDest and the resultant dest string
1969 was null terminated
1970
1971 failure - you can use the macro HRESULT_CODE() to get a win32
1972 error code for all hresult failure cases
1973
1974 STRSAFE_E_INSUFFICIENT_BUFFER /
1975 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
1976 - this return value is an indication that the operation
1977 failed due to insufficient space. When this error
1978 occurs, the destination buffer is modified to contain
1979 a truncated version of the ideal result and is null
1980 terminated. This is useful for situations where
1981 truncation is ok.
1982
1983 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
1984 return value of this function
1985
1986 --*/
1987
1988 STRSAFEAPI StringCbCatNA(char* pszDest, size_t cbDest, const char* pszSrc, size_t cbMaxAppend);
1989 STRSAFEAPI StringCbCatNW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, size_t cbMaxAppend);
1990 #ifdef UNICODE
1991 #define StringCbCatN StringCbCatNW
1992 #else
1993 #define StringCbCatN StringCbCatNA
1994 #endif // !UNICODE
1995
1996 #ifdef STRSAFE_INLINE
1997 STRSAFEAPI StringCbCatNA(char* pszDest, size_t cbDest, const char* pszSrc, size_t cbMaxAppend)
1998 {
1999 HRESULT hr;
2000 size_t cchDest;
2001
2002 cchDest = cbDest / sizeof(char);
2003
2004 if (cchDest > STRSAFE_MAX_CCH)
2005 {
2006 hr = STRSAFE_E_INVALID_PARAMETER;
2007 }
2008 else
2009 {
2010 size_t cchMaxAppend;
2011
2012 cchMaxAppend = cbMaxAppend / sizeof(char);
2013
2014 hr = StringCatNWorkerA(pszDest, cchDest, pszSrc, cchMaxAppend);
2015 }
2016
2017 return hr;
2018 }
2019
2020 STRSAFEAPI StringCbCatNW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, size_t cbMaxAppend)
2021 {
2022 HRESULT hr;
2023 size_t cchDest;
2024
2025 cchDest = cbDest / sizeof(wchar_t);
2026
2027 if (cchDest > STRSAFE_MAX_CCH)
2028 {
2029 hr = STRSAFE_E_INVALID_PARAMETER;
2030 }
2031 else
2032 {
2033 size_t cchMaxAppend;
2034
2035 cchMaxAppend = cbMaxAppend / sizeof(wchar_t);
2036
2037 hr = StringCatNWorkerW(pszDest, cchDest, pszSrc, cchMaxAppend);
2038 }
2039
2040 return hr;
2041 }
2042 #endif // STRSAFE_INLINE
2043 #endif // !STRSAFE_NO_CB_FUNCTIONS
2044
2045
2046 #ifndef STRSAFE_NO_CCH_FUNCTIONS
2047 /*++
2048
2049 STDAPI
2050 StringCchCatNEx(
2051 IN OUT LPTSTR pszDest OPTIONAL,
2052 IN size_t cchDest,
2053 IN LPCTSTR pszSrc OPTIONAL,
2054 IN size_t cchMaxAppend,
2055 OUT LPTSTR* ppszDestEnd OPTIONAL,
2056 OUT size_t* pcchRemaining OPTIONAL,
2057 IN DWORD dwFlags
2058 );
2059
2060 Routine Description:
2061
2062 This routine is a safer version of the C built-in function 'strncat', with
2063 some additional parameters. In addition to functionality provided by
2064 StringCchCatN, this routine also returns a pointer to the end of the
2065 destination string and the number of characters left in the destination string
2066 including the null terminator. The flags parameter allows additional controls.
2067
2068 Arguments:
2069
2070 pszDest - destination string which must be null terminated
2071
2072 cchDest - size of destination buffer in characters.
2073 length must be (_tcslen(pszDest) + min(cchMaxAppend, _tcslen(pszSrc)) + 1)
2074 to hold all of the combine string plus the null
2075 terminator.
2076
2077 pszSrc - source string
2078
2079 cchMaxAppend - maximum number of characters to append
2080
2081 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
2082 pointer to the end of the destination string. If the
2083 function appended any data, the result will point to the
2084 null termination character
2085
2086 pcchRemaining - if pcchRemaining is non-null, the function will return the
2087 number of characters left in the destination string,
2088 including the null terminator
2089
2090 dwFlags - controls some details of the string copy:
2091
2092 STRSAFE_FILL_BEHIND_NULL
2093 if the function succeeds, the low byte of dwFlags will be
2094 used to fill the uninitialize part of destination buffer
2095 behind the null terminator
2096
2097 STRSAFE_IGNORE_NULLS
2098 treat NULL string pointers like empty strings (TEXT(""))
2099
2100 STRSAFE_FILL_ON_FAILURE
2101 if the function fails, the low byte of dwFlags will be
2102 used to fill all of the destination buffer, and it will
2103 be null terminated. This will overwrite any pre-existing
2104 or truncated string
2105
2106 STRSAFE_NULL_ON_FAILURE
2107 if the function fails, the destination buffer will be set
2108 to the empty string. This will overwrite any pre-existing or
2109 truncated string
2110
2111 STRSAFE_NO_TRUNCATION
2112 if the function returns STRSAFE_E_INSUFFICIENT_BUFFER, pszDest
2113 will not contain a truncated string, it will remain unchanged.
2114
2115 Notes:
2116 Behavior is undefined if source and destination strings overlap.
2117
2118 pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
2119 is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
2120 may be NULL. An error may still be returned even though NULLS are ignored
2121 due to insufficient space.
2122
2123 Return Value:
2124
2125 S_OK - if all of pszSrc or the first cchMaxAppend characters
2126 were concatenated to pszDest and the resultant dest
2127 string was null terminated
2128
2129 failure - you can use the macro HRESULT_CODE() to get a win32
2130 error code for all hresult failure cases
2131
2132 STRSAFE_E_INSUFFICIENT_BUFFER /
2133 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
2134 - this return value is an indication that the operation
2135 failed due to insufficient space. When this error
2136 occurs, the destination buffer is modified to contain
2137 a truncated version of the ideal result and is null
2138 terminated. This is useful for situations where
2139 truncation is ok.
2140
2141 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
2142 return value of this function
2143
2144 --*/
2145
2146 STRSAFEAPI StringCchCatNExA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchMaxAppend, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
2147 STRSAFEAPI StringCchCatNExW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchMaxAppend, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
2148 #ifdef UNICODE
2149 #define StringCchCatNEx StringCchCatNExW
2150 #else
2151 #define StringCchCatNEx StringCchCatNExA
2152 #endif // !UNICODE
2153
2154 #ifdef STRSAFE_INLINE
2155 STRSAFEAPI StringCchCatNExA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchMaxAppend, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
2156 {
2157 HRESULT hr;
2158
2159 if (cchDest > STRSAFE_MAX_CCH)
2160 {
2161 hr = STRSAFE_E_INVALID_PARAMETER;
2162 }
2163 else
2164 {
2165 size_t cbDest;
2166
2167 // safe to multiply cchDest * sizeof(char) since cchDest < STRSAFE_MAX_CCH and sizeof(char) is 1
2168 cbDest = cchDest * sizeof(char);
2169
2170 hr = StringCatNExWorkerA(pszDest, cchDest, cbDest, pszSrc, cchMaxAppend, ppszDestEnd, pcchRemaining, dwFlags);
2171 }
2172
2173 return hr;
2174 }
2175
2176 STRSAFEAPI StringCchCatNExW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchMaxAppend, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
2177 {
2178 HRESULT hr;
2179
2180 if (cchDest > STRSAFE_MAX_CCH)
2181 {
2182 hr = STRSAFE_E_INVALID_PARAMETER;
2183 }
2184 else
2185 {
2186 size_t cbDest;
2187
2188 // safe to multiply cchDest * sizeof(wchar_t) since cchDest < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
2189 cbDest = cchDest * sizeof(wchar_t);
2190
2191 hr = StringCatNExWorkerW(pszDest, cchDest, cbDest, pszSrc, cchMaxAppend, ppszDestEnd, pcchRemaining, dwFlags);
2192 }
2193
2194 return hr;
2195 }
2196 #endif // STRSAFE_INLINE
2197 #endif // !STRSAFE_NO_CCH_FUNCTIONS
2198
2199
2200 #ifndef STRSAFE_NO_CB_FUNCTIONS
2201 /*++
2202
2203 STDAPI
2204 StringCbCatNEx(
2205 IN OUT LPTSTR pszDest OPTIONAL,
2206 IN size_t cbDest,
2207 IN LPCTSTR pszSrc OPTIONAL,
2208 IN size_t cbMaxAppend,
2209 OUT LPTSTR* ppszDestEnd OPTIONAL,
2210 OUT size_t* pcchRemaining OPTIONAL,
2211 IN DWORD dwFlags
2212 );
2213
2214 Routine Description:
2215
2216 This routine is a safer version of the C built-in function 'strncat', with
2217 some additional parameters. In addition to functionality provided by
2218 StringCbCatN, this routine also returns a pointer to the end of the
2219 destination string and the number of bytes left in the destination string
2220 including the null terminator. The flags parameter allows additional controls.
2221
2222 Arguments:
2223
2224 pszDest - destination string which must be null terminated
2225
2226 cbDest - size of destination buffer in bytes.
2227 length must be ((_tcslen(pszDest) + min(cbMaxAppend / sizeof(TCHAR), _tcslen(pszSrc)) + 1) * sizeof(TCHAR)
2228 to hold all of the combine string plus the null
2229 terminator.
2230
2231 pszSrc - source string
2232
2233 cbMaxAppend - maximum number of bytes to append
2234
2235 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
2236 pointer to the end of the destination string. If the
2237 function appended any data, the result will point to the
2238 null termination character
2239
2240 pcbRemaining - if pcbRemaining is non-null, the function will return the
2241 number of bytes left in the destination string,
2242 including the null terminator
2243
2244 dwFlags - controls some details of the string copy:
2245
2246 STRSAFE_FILL_BEHIND_NULL
2247 if the function succeeds, the low byte of dwFlags will be
2248 used to fill the uninitialize part of destination buffer
2249 behind the null terminator
2250
2251 STRSAFE_IGNORE_NULLS
2252 treat NULL string pointers like empty strings (TEXT(""))
2253
2254 STRSAFE_FILL_ON_FAILURE
2255 if the function fails, the low byte of dwFlags will be
2256 used to fill all of the destination buffer, and it will
2257 be null terminated. This will overwrite any pre-existing
2258 or truncated string
2259
2260 STRSAFE_NULL_ON_FAILURE
2261 if the function fails, the destination buffer will be set
2262 to the empty string. This will overwrite any pre-existing or
2263 truncated string
2264
2265 STRSAFE_NO_TRUNCATION
2266 if the function returns STRSAFE_E_INSUFFICIENT_BUFFER, pszDest
2267 will not contain a truncated string, it will remain unchanged.
2268
2269 Notes:
2270 Behavior is undefined if source and destination strings overlap.
2271
2272 pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
2273 is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
2274 may be NULL. An error may still be returned even though NULLS are ignored
2275 due to insufficient space.
2276
2277 Return Value:
2278
2279 S_OK - if all of pszSrc or the first cbMaxAppend bytes were
2280 concatenated to pszDest and the resultant dest string
2281 was null terminated
2282
2283 failure - you can use the macro HRESULT_CODE() to get a win32
2284 error code for all hresult failure cases
2285
2286 STRSAFE_E_INSUFFICIENT_BUFFER /
2287 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
2288 - this return value is an indication that the operation
2289 failed due to insufficient space. When this error
2290 occurs, the destination buffer is modified to contain
2291 a truncated version of the ideal result and is null
2292 terminated. This is useful for situations where
2293 truncation is ok.
2294
2295 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
2296 return value of this function
2297
2298 --*/
2299
2300 STRSAFEAPI StringCbCatNExA(char* pszDest, size_t cbDest, const char* pszSrc, size_t cbMaxAppend, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
2301 STRSAFEAPI StringCbCatNExW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, size_t cbMaxAppend, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
2302 #ifdef UNICODE
2303 #define StringCbCatNEx StringCbCatNExW
2304 #else
2305 #define StringCbCatNEx StringCbCatNExA
2306 #endif // !UNICODE
2307
2308 #ifdef STRSAFE_INLINE
2309 STRSAFEAPI StringCbCatNExA(char* pszDest, size_t cbDest, const char* pszSrc, size_t cbMaxAppend, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
2310 {
2311 HRESULT hr;
2312 size_t cchDest;
2313 size_t cchRemaining = 0;
2314
2315 cchDest = cbDest / sizeof(char);
2316
2317 if (cchDest > STRSAFE_MAX_CCH)
2318 {
2319 hr = STRSAFE_E_INVALID_PARAMETER;
2320 }
2321 else
2322 {
2323 size_t cchMaxAppend;
2324
2325 cchMaxAppend = cbMaxAppend / sizeof(char);
2326
2327 hr = StringCatNExWorkerA(pszDest, cchDest, cbDest, pszSrc, cchMaxAppend, ppszDestEnd, &cchRemaining, dwFlags);
2328 }
2329
2330 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
2331 {
2332 if (pcbRemaining)
2333 {
2334 // safe to multiply cchRemaining * sizeof(char) since cchRemaining < STRSAFE_MAX_CCH and sizeof(char) is 1
2335 *pcbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
2336 }
2337 }
2338
2339 return hr;
2340 }
2341
2342 STRSAFEAPI StringCbCatNExW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszSrc, size_t cbMaxAppend, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
2343 {
2344 HRESULT hr;
2345 size_t cchDest;
2346 size_t cchRemaining = 0;
2347
2348 cchDest = cbDest / sizeof(wchar_t);
2349
2350 if (cchDest > STRSAFE_MAX_CCH)
2351 {
2352 hr = STRSAFE_E_INVALID_PARAMETER;
2353 }
2354 else
2355 {
2356 size_t cchMaxAppend;
2357
2358 cchMaxAppend = cbMaxAppend / sizeof(wchar_t);
2359
2360 hr = StringCatNExWorkerW(pszDest, cchDest, cbDest, pszSrc, cchMaxAppend, ppszDestEnd, &cchRemaining, dwFlags);
2361 }
2362
2363 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
2364 {
2365 if (pcbRemaining)
2366 {
2367 // safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
2368 *pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
2369 }
2370 }
2371
2372 return hr;
2373 }
2374 #endif // STRSAFE_INLINE
2375 #endif // !STRSAFE_NO_CB_FUNCTIONS
2376
2377
2378 #ifndef STRSAFE_NO_CCH_FUNCTIONS
2379 /*++
2380
2381 STDAPI
2382 StringCchVPrintf(
2383 OUT LPTSTR pszDest,
2384 IN size_t cchDest,
2385 IN LPCTSTR pszFormat,
2386 IN va_list argList
2387 );
2388
2389 Routine Description:
2390
2391 This routine is a safer version of the C built-in function 'vsprintf'.
2392 The size of the destination buffer (in characters) is a parameter and
2393 this function will not write past the end of this buffer and it will
2394 ALWAYS null terminate the destination buffer (unless it is zero length).
2395
2396 This function returns a hresult, and not a pointer. It returns
2397 S_OK if the string was printed without truncation and null terminated,
2398 otherwise it will return a failure code. In failure cases it will return
2399 a truncated version of the ideal result.
2400
2401 Arguments:
2402
2403 pszDest - destination string
2404
2405 cchDest - size of destination buffer in characters
2406 length must be sufficient to hold the resulting formatted
2407 string, including the null terminator.
2408
2409 pszFormat - format string which must be null terminated
2410
2411 argList - va_list from the variable arguments according to the
2412 stdarg.h convention
2413
2414 Notes:
2415 Behavior is undefined if destination, format strings or any arguments
2416 strings overlap.
2417
2418 pszDest and pszFormat should not be NULL. See StringCchVPrintfEx if you
2419 require the handling of NULL values.
2420
2421 Return Value:
2422
2423 S_OK - if there was sufficient space in the dest buffer for
2424 the resultant string and it was null terminated.
2425
2426 failure - you can use the macro HRESULT_CODE() to get a win32
2427 error code for all hresult failure cases
2428
2429 STRSAFE_E_INSUFFICIENT_BUFFER /
2430 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
2431 - this return value is an indication that the print
2432 operation failed due to insufficient space. When this
2433 error occurs, the destination buffer is modified to
2434 contain a truncated version of the ideal result and is
2435 null terminated. This is useful for situations where
2436 truncation is ok.
2437
2438 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
2439 return value of this function
2440
2441 --*/
2442
2443 STRSAFEAPI StringCchVPrintfA(char* pszDest, size_t cchDest, const char* pszFormat, va_list argList);
2444 STRSAFEAPI StringCchVPrintfW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszFormat, va_list argList);
2445 #ifdef UNICODE
2446 #define StringCchVPrintf StringCchVPrintfW
2447 #else
2448 #define StringCchVPrintf StringCchVPrintfA
2449 #endif // !UNICODE
2450
2451 #ifdef STRSAFE_INLINE
2452 STRSAFEAPI StringCchVPrintfA(char* pszDest, size_t cchDest, const char* pszFormat, va_list argList)
2453 {
2454 HRESULT hr;
2455
2456 if (cchDest > STRSAFE_MAX_CCH)
2457 {
2458 hr = STRSAFE_E_INVALID_PARAMETER;
2459 }
2460 else
2461 {
2462 hr = StringVPrintfWorkerA(pszDest, cchDest, pszFormat, argList);
2463 }
2464
2465 return hr;
2466 }
2467
2468 STRSAFEAPI StringCchVPrintfW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszFormat, va_list argList)
2469 {
2470 HRESULT hr;
2471
2472 if (cchDest > STRSAFE_MAX_CCH)
2473 {
2474 hr = STRSAFE_E_INVALID_PARAMETER;
2475 }
2476 else
2477 {
2478 hr = StringVPrintfWorkerW(pszDest, cchDest, pszFormat, argList);
2479 }
2480
2481 return hr;
2482 }
2483 #endif // STRSAFE_INLINE
2484 #endif // !STRSAFE_NO_CCH_FUNCTIONS
2485
2486
2487 #ifndef STRSAFE_NO_CB_FUNCTIONS
2488 /*++
2489
2490 STDAPI
2491 StringCbVPrintf(
2492 OUT LPTSTR pszDest,
2493 IN size_t cbDest,
2494 IN LPCTSTR pszFormat,
2495 IN va_list argList
2496 );
2497
2498 Routine Description:
2499
2500 This routine is a safer version of the C built-in function 'vsprintf'.
2501 The size of the destination buffer (in bytes) is a parameter and
2502 this function will not write past the end of this buffer and it will
2503 ALWAYS null terminate the destination buffer (unless it is zero length).
2504
2505 This function returns a hresult, and not a pointer. It returns
2506 S_OK if the string was printed without truncation and null terminated,
2507 otherwise it will return a failure code. In failure cases it will return
2508 a truncated version of the ideal result.
2509
2510 Arguments:
2511
2512 pszDest - destination string
2513
2514 cbDest - size of destination buffer in bytes
2515 length must be sufficient to hold the resulting formatted
2516 string, including the null terminator.
2517
2518 pszFormat - format string which must be null terminated
2519
2520 argList - va_list from the variable arguments according to the
2521 stdarg.h convention
2522
2523 Notes:
2524 Behavior is undefined if destination, format strings or any arguments
2525 strings overlap.
2526
2527 pszDest and pszFormat should not be NULL. See StringCbVPrintfEx if you
2528 require the handling of NULL values.
2529
2530
2531 Return Value:
2532
2533 S_OK - if there was sufficient space in the dest buffer for
2534 the resultant string and it was null terminated.
2535
2536 failure - you can use the macro HRESULT_CODE() to get a win32
2537 error code for all hresult failure cases
2538
2539 STRSAFE_E_INSUFFICIENT_BUFFER /
2540 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
2541 - this return value is an indication that the print
2542 operation failed due to insufficient space. When this
2543 error occurs, the destination buffer is modified to
2544 contain a truncated version of the ideal result and is
2545 null terminated. This is useful for situations where
2546 truncation is ok.
2547
2548 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
2549 return value of this function
2550
2551 --*/
2552
2553 STRSAFEAPI StringCbVPrintfA(char* pszDest, size_t cbDest, const char* pszFormat, va_list argList);
2554 STRSAFEAPI StringCbVPrintfW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszFormat, va_list argList);
2555 #ifdef UNICODE
2556 #define StringCbVPrintf StringCbVPrintfW
2557 #else
2558 #define StringCbVPrintf StringCbVPrintfA
2559 #endif // !UNICODE
2560
2561 #ifdef STRSAFE_INLINE
2562 STRSAFEAPI StringCbVPrintfA(char* pszDest, size_t cbDest, const char* pszFormat, va_list argList)
2563 {
2564 HRESULT hr;
2565 size_t cchDest;
2566
2567 cchDest = cbDest / sizeof(char);
2568
2569 if (cchDest > STRSAFE_MAX_CCH)
2570 {
2571 hr = STRSAFE_E_INVALID_PARAMETER;
2572 }
2573 else
2574 {
2575 hr = StringVPrintfWorkerA(pszDest, cchDest, pszFormat, argList);
2576 }
2577
2578 return hr;
2579 }
2580
2581 STRSAFEAPI StringCbVPrintfW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszFormat, va_list argList)
2582 {
2583 HRESULT hr;
2584 size_t cchDest;
2585
2586 cchDest = cbDest / sizeof(wchar_t);
2587
2588 if (cchDest > STRSAFE_MAX_CCH)
2589 {
2590 hr = STRSAFE_E_INVALID_PARAMETER;
2591 }
2592 else
2593 {
2594 hr = StringVPrintfWorkerW(pszDest, cchDest, pszFormat, argList);
2595 }
2596
2597 return hr;
2598 }
2599 #endif // STRSAFE_INLINE
2600 #endif // !STRSAFE_NO_CB_FUNCTIONS
2601
2602
2603 #ifndef STRSAFE_NO_CCH_FUNCTIONS
2604 /*++
2605
2606 STDAPI
2607 StringCchPrintf(
2608 OUT LPTSTR pszDest,
2609 IN size_t cchDest,
2610 IN LPCTSTR pszFormat,
2611 ...
2612 );
2613
2614 Routine Description:
2615
2616 This routine is a safer version of the C built-in function 'sprintf'.
2617 The size of the destination buffer (in characters) is a parameter and
2618 this function will not write past the end of this buffer and it will
2619 ALWAYS null terminate the destination buffer (unless it is zero length).
2620
2621 This function returns a hresult, and not a pointer. It returns
2622 S_OK if the string was printed without truncation and null terminated,
2623 otherwise it will return a failure code. In failure cases it will return
2624 a truncated version of the ideal result.
2625
2626 Arguments:
2627
2628 pszDest - destination string
2629
2630 cchDest - size of destination buffer in characters
2631 length must be sufficient to hold the resulting formatted
2632 string, including the null terminator.
2633
2634 pszFormat - format string which must be null terminated
2635
2636 ... - additional parameters to be formatted according to
2637 the format string
2638
2639 Notes:
2640 Behavior is undefined if destination, format strings or any arguments
2641 strings overlap.
2642
2643 pszDest and pszFormat should not be NULL. See StringCchPrintfEx if you
2644 require the handling of NULL values.
2645
2646 Return Value:
2647
2648 S_OK - if there was sufficient space in the dest buffer for
2649 the resultant string and it was null terminated.
2650
2651 failure - you can use the macro HRESULT_CODE() to get a win32
2652 error code for all hresult failure cases
2653
2654 STRSAFE_E_INSUFFICIENT_BUFFER /
2655 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
2656 - this return value is an indication that the print
2657 operation failed due to insufficient space. When this
2658 error occurs, the destination buffer is modified to
2659 contain a truncated version of the ideal result and is
2660 null terminated. This is useful for situations where
2661 truncation is ok.
2662
2663 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
2664 return value of this function
2665
2666 --*/
2667
2668 STRSAFEAPI StringCchPrintfA(char* pszDest, size_t cchDest, const char* pszFormat, ...);
2669 STRSAFEAPI StringCchPrintfW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszFormat, ...);
2670 #ifdef UNICODE
2671 #define StringCchPrintf StringCchPrintfW
2672 #else
2673 #define StringCchPrintf StringCchPrintfA
2674 #endif // !UNICODE
2675
2676 #ifdef STRSAFE_INLINE
2677 STRSAFEAPI StringCchPrintfA(char* pszDest, size_t cchDest, const char* pszFormat, ...)
2678 {
2679 HRESULT hr;
2680
2681 if (cchDest > STRSAFE_MAX_CCH)
2682 {
2683 hr = STRSAFE_E_INVALID_PARAMETER;
2684 }
2685 else
2686 {
2687 va_list argList;
2688
2689 va_start(argList, pszFormat);
2690
2691 hr = StringVPrintfWorkerA(pszDest, cchDest, pszFormat, argList);
2692
2693 va_end(argList);
2694 }
2695
2696 return hr;
2697 }
2698
2699 STRSAFEAPI StringCchPrintfW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszFormat, ...)
2700 {
2701 HRESULT hr;
2702
2703 if (cchDest > STRSAFE_MAX_CCH)
2704 {
2705 hr = STRSAFE_E_INVALID_PARAMETER;
2706 }
2707 else
2708 {
2709 va_list argList;
2710
2711 va_start(argList, pszFormat);
2712
2713 hr = StringVPrintfWorkerW(pszDest, cchDest, pszFormat, argList);
2714
2715 va_end(argList);
2716 }
2717
2718 return hr;
2719 }
2720 #endif // STRSAFE_INLINE
2721 #endif // !STRSAFE_NO_CCH_FUNCTIONS
2722
2723
2724 #ifndef STRSAFE_NO_CB_FUNCTIONS
2725 /*++
2726
2727 STDAPI
2728 StringCbPrintf(
2729 OUT LPTSTR pszDest,
2730 IN size_t cbDest,
2731 IN LPCTSTR pszFormat,
2732 ...
2733 );
2734
2735 Routine Description:
2736
2737 This routine is a safer version of the C built-in function 'sprintf'.
2738 The size of the destination buffer (in bytes) is a parameter and
2739 this function will not write past the end of this buffer and it will
2740 ALWAYS null terminate the destination buffer (unless it is zero length).
2741
2742 This function returns a hresult, and not a pointer. It returns
2743 S_OK if the string was printed without truncation and null terminated,
2744 otherwise it will return a failure code. In failure cases it will return
2745 a truncated version of the ideal result.
2746
2747 Arguments:
2748
2749 pszDest - destination string
2750
2751 cbDest - size of destination buffer in bytes
2752 length must be sufficient to hold the resulting formatted
2753 string, including the null terminator.
2754
2755 pszFormat - format string which must be null terminated
2756
2757 ... - additional parameters to be formatted according to
2758 the format string
2759
2760 Notes:
2761 Behavior is undefined if destination, format strings or any arguments
2762 strings overlap.
2763
2764 pszDest and pszFormat should not be NULL. See StringCbPrintfEx if you
2765 require the handling of NULL values.
2766
2767
2768 Return Value:
2769
2770 S_OK - if there was sufficient space in the dest buffer for
2771 the resultant string and it was null terminated.
2772
2773 failure - you can use the macro HRESULT_CODE() to get a win32
2774 error code for all hresult failure cases
2775
2776 STRSAFE_E_INSUFFICIENT_BUFFER /
2777 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
2778 - this return value is an indication that the print
2779 operation failed due to insufficient space. When this
2780 error occurs, the destination buffer is modified to
2781 contain a truncated version of the ideal result and is
2782 null terminated. This is useful for situations where
2783 truncation is ok.
2784
2785 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
2786 return value of this function
2787
2788 --*/
2789
2790 STRSAFEAPI StringCbPrintfA(char* pszDest, size_t cbDest, const char* pszFormat, ...);
2791 STRSAFEAPI StringCbPrintfW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszFormat, ...);
2792 #ifdef UNICODE
2793 #define StringCbPrintf StringCbPrintfW
2794 #else
2795 #define StringCbPrintf StringCbPrintfA
2796 #endif // !UNICODE
2797
2798 #ifdef STRSAFE_INLINE
2799 STRSAFEAPI StringCbPrintfA(char* pszDest, size_t cbDest, const char* pszFormat, ...)
2800 {
2801 HRESULT hr;
2802 size_t cchDest;
2803
2804 cchDest = cbDest / sizeof(char);
2805
2806 if (cchDest > STRSAFE_MAX_CCH)
2807 {
2808 hr = STRSAFE_E_INVALID_PARAMETER;
2809 }
2810 else
2811 {
2812 va_list argList;
2813
2814 va_start(argList, pszFormat);
2815
2816 hr = StringVPrintfWorkerA(pszDest, cchDest, pszFormat, argList);
2817
2818 va_end(argList);
2819 }
2820
2821 return hr;
2822 }
2823
2824 STRSAFEAPI StringCbPrintfW(wchar_t* pszDest, size_t cbDest, const wchar_t* pszFormat, ...)
2825 {
2826 HRESULT hr;
2827 size_t cchDest;
2828
2829 cchDest = cbDest / sizeof(wchar_t);
2830
2831 if (cchDest > STRSAFE_MAX_CCH)
2832 {
2833 hr = STRSAFE_E_INVALID_PARAMETER;
2834 }
2835 else
2836 {
2837 va_list argList;
2838
2839 va_start(argList, pszFormat);
2840
2841 hr = StringVPrintfWorkerW(pszDest, cchDest, pszFormat, argList);
2842
2843 va_end(argList);
2844 }
2845
2846 return hr;
2847 }
2848 #endif // STRSAFE_INLINE
2849 #endif // !STRSAFE_NO_CB_FUNCTIONS
2850
2851
2852 #ifndef STRSAFE_NO_CCH_FUNCTIONS
2853 /*++
2854
2855 STDAPI
2856 StringCchPrintfEx(
2857 OUT LPTSTR pszDest OPTIONAL,
2858 IN size_t cchDest,
2859 OUT LPTSTR* ppszDestEnd OPTIONAL,
2860 OUT size_t* pcchRemaining OPTIONAL,
2861 IN DWORD dwFlags,
2862 IN LPCTSTR pszFormat OPTIONAL,
2863 ...
2864 );
2865
2866 Routine Description:
2867
2868 This routine is a safer version of the C built-in function 'sprintf' with
2869 some additional parameters. In addition to functionality provided by
2870 StringCchPrintf, this routine also returns a pointer to the end of the
2871 destination string and the number of characters left in the destination string
2872 including the null terminator. The flags parameter allows additional controls.
2873
2874 Arguments:
2875
2876 pszDest - destination string
2877
2878 cchDest - size of destination buffer in characters.
2879 length must be sufficient to contain the resulting
2880 formatted string plus the null terminator.
2881
2882 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
2883 pointer to the end of the destination string. If the
2884 function printed any data, the result will point to the
2885 null termination character
2886
2887 pcchRemaining - if pcchRemaining is non-null, the function will return
2888 the number of characters left in the destination string,
2889 including the null terminator
2890
2891 dwFlags - controls some details of the string copy:
2892
2893 STRSAFE_FILL_BEHIND_NULL
2894 if the function succeeds, the low byte of dwFlags will be
2895 used to fill the uninitialize part of destination buffer
2896 behind the null terminator
2897
2898 STRSAFE_IGNORE_NULLS
2899 treat NULL string pointers like empty strings (TEXT(""))
2900
2901 STRSAFE_FILL_ON_FAILURE
2902 if the function fails, the low byte of dwFlags will be
2903 used to fill all of the destination buffer, and it will
2904 be null terminated. This will overwrite any truncated
2905 string returned when the failure is
2906 STRSAFE_E_INSUFFICIENT_BUFFER
2907
2908 STRSAFE_NO_TRUNCATION /
2909 STRSAFE_NULL_ON_FAILURE
2910 if the function fails, the destination buffer will be set
2911 to the empty string. This will overwrite any truncated string
2912 returned when the failure is STRSAFE_E_INSUFFICIENT_BUFFER.
2913
2914 pszFormat - format string which must be null terminated
2915
2916 ... - additional parameters to be formatted according to
2917 the format string
2918
2919 Notes:
2920 Behavior is undefined if destination, format strings or any arguments
2921 strings overlap.
2922
2923 pszDest and pszFormat should not be NULL unless the STRSAFE_IGNORE_NULLS
2924 flag is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and
2925 pszFormat may be NULL. An error may still be returned even though NULLS
2926 are ignored due to insufficient space.
2927
2928 Return Value:
2929
2930 S_OK - if there was source data and it was all concatenated and
2931 the resultant dest string was null terminated
2932
2933 failure - you can use the macro HRESULT_CODE() to get a win32
2934 error code for all hresult failure cases
2935
2936 STRSAFE_E_INSUFFICIENT_BUFFER /
2937 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
2938 - this return value is an indication that the print
2939 operation failed due to insufficient space. When this
2940 error occurs, the destination buffer is modified to
2941 contain a truncated version of the ideal result and is
2942 null terminated. This is useful for situations where
2943 truncation is ok.
2944
2945 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
2946 return value of this function
2947
2948 --*/
2949
2950 STRSAFEAPI StringCchPrintfExA(char* pszDest, size_t cchDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const char* pszFormat, ...);
2951 STRSAFEAPI StringCchPrintfExW(wchar_t* pszDest, size_t cchDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const wchar_t* pszFormat, ...);
2952 #ifdef UNICODE
2953 #define StringCchPrintfEx StringCchPrintfExW
2954 #else
2955 #define StringCchPrintfEx StringCchPrintfExA
2956 #endif // !UNICODE
2957
2958 #ifdef STRSAFE_INLINE
2959 STRSAFEAPI StringCchPrintfExA(char* pszDest, size_t cchDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const char* pszFormat, ...)
2960 {
2961 HRESULT hr;
2962
2963 if (cchDest > STRSAFE_MAX_CCH)
2964 {
2965 hr = STRSAFE_E_INVALID_PARAMETER;
2966 }
2967 else
2968 {
2969 size_t cbDest;
2970 va_list argList;
2971
2972 // safe to multiply cchDest * sizeof(char) since cchDest < STRSAFE_MAX_CCH and sizeof(char) is 1
2973 cbDest = cchDest * sizeof(char);
2974 va_start(argList, pszFormat);
2975
2976 hr = StringVPrintfExWorkerA(pszDest, cchDest, cbDest, ppszDestEnd, pcchRemaining, dwFlags, pszFormat, argList);
2977
2978 va_end(argList);
2979 }
2980
2981 return hr;
2982 }
2983
2984 STRSAFEAPI StringCchPrintfExW(wchar_t* pszDest, size_t cchDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const wchar_t* pszFormat, ...)
2985 {
2986 HRESULT hr;
2987
2988 if (cchDest > STRSAFE_MAX_CCH)
2989 {
2990 hr = STRSAFE_E_INVALID_PARAMETER;
2991 }
2992 else
2993 {
2994 size_t cbDest;
2995 va_list argList;
2996
2997 // safe to multiply cchDest * sizeof(wchar_t) since cchDest < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
2998 cbDest = cchDest * sizeof(wchar_t);
2999 va_start(argList, pszFormat);
3000
3001 hr = StringVPrintfExWorkerW(pszDest, cchDest, cbDest, ppszDestEnd, pcchRemaining, dwFlags, pszFormat, argList);
3002
3003 va_end(argList);
3004 }
3005
3006 return hr;
3007 }
3008 #endif // STRSAFE_INLINE
3009 #endif // !STRSAFE_NO_CCH_FUNCTIONS
3010
3011
3012 #ifndef STRSAFE_NO_CB_FUNCTIONS
3013 /*++
3014
3015 STDAPI
3016 StringCbPrintfEx(
3017 OUT LPTSTR pszDest OPTIONAL,
3018 IN size_t cbDest,
3019 OUT LPTSTR* ppszDestEnd OPTIONAL,
3020 OUT size_t* pcbRemaining OPTIONAL,
3021 IN DWORD dwFlags,
3022 IN LPCTSTR pszFormat OPTIONAL,
3023 ...
3024 );
3025
3026 Routine Description:
3027
3028 This routine is a safer version of the C built-in function 'sprintf' with
3029 some additional parameters. In addition to functionality provided by
3030 StringCbPrintf, this routine also returns a pointer to the end of the
3031 destination string and the number of bytes left in the destination string
3032 including the null terminator. The flags parameter allows additional controls.
3033
3034 Arguments:
3035
3036 pszDest - destination string
3037
3038 cbDest - size of destination buffer in bytes.
3039 length must be sufficient to contain the resulting
3040 formatted string plus the null terminator.
3041
3042 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
3043 pointer to the end of the destination string. If the
3044 function printed any data, the result will point to the
3045 null termination character
3046
3047 pcbRemaining - if pcbRemaining is non-null, the function will return
3048 the number of bytes left in the destination string,
3049 including the null terminator
3050
3051 dwFlags - controls some details of the string copy:
3052
3053 STRSAFE_FILL_BEHIND_NULL
3054 if the function succeeds, the low byte of dwFlags will be
3055 used to fill the uninitialize part of destination buffer
3056 behind the null terminator
3057
3058 STRSAFE_IGNORE_NULLS
3059 treat NULL string pointers like empty strings (TEXT(""))
3060
3061 STRSAFE_FILL_ON_FAILURE
3062 if the function fails, the low byte of dwFlags will be
3063 used to fill all of the destination buffer, and it will
3064 be null terminated. This will overwrite any truncated
3065 string returned when the failure is
3066 STRSAFE_E_INSUFFICIENT_BUFFER
3067
3068 STRSAFE_NO_TRUNCATION /
3069 STRSAFE_NULL_ON_FAILURE
3070 if the function fails, the destination buffer will be set
3071 to the empty string. This will overwrite any truncated string
3072 returned when the failure is STRSAFE_E_INSUFFICIENT_BUFFER.
3073
3074 pszFormat - format string which must be null terminated
3075
3076 ... - additional parameters to be formatted according to
3077 the format string
3078
3079 Notes:
3080 Behavior is undefined if destination, format strings or any arguments
3081 strings overlap.
3082
3083 pszDest and pszFormat should not be NULL unless the STRSAFE_IGNORE_NULLS
3084 flag is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and
3085 pszFormat may be NULL. An error may still be returned even though NULLS
3086 are ignored due to insufficient space.
3087
3088 Return Value:
3089
3090 S_OK - if there was source data and it was all concatenated and
3091 the resultant dest string was null terminated
3092
3093 failure - you can use the macro HRESULT_CODE() to get a win32
3094 error code for all hresult failure cases
3095
3096 STRSAFE_E_INSUFFICIENT_BUFFER /
3097 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
3098 - this return value is an indication that the print
3099 operation failed due to insufficient space. When this
3100 error occurs, the destination buffer is modified to
3101 contain a truncated version of the ideal result and is
3102 null terminated. This is useful for situations where
3103 truncation is ok.
3104
3105 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
3106 return value of this function
3107
3108 --*/
3109
3110 STRSAFEAPI StringCbPrintfExA(char* pszDest, size_t cbDest, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags, const char* pszFormat, ...);
3111 STRSAFEAPI StringCbPrintfExW(wchar_t* pszDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags, const wchar_t* pszFormat, ...);
3112 #ifdef UNICODE
3113 #define StringCbPrintfEx StringCbPrintfExW
3114 #else
3115 #define StringCbPrintfEx StringCbPrintfExA
3116 #endif // !UNICODE
3117
3118 #ifdef STRSAFE_INLINE
3119 STRSAFEAPI StringCbPrintfExA(char* pszDest, size_t cbDest, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags, const char* pszFormat, ...)
3120 {
3121 HRESULT hr;
3122 size_t cchDest;
3123 size_t cchRemaining = 0;
3124
3125 cchDest = cbDest / sizeof(char);
3126
3127 if (cchDest > STRSAFE_MAX_CCH)
3128 {
3129 hr = STRSAFE_E_INVALID_PARAMETER;
3130 }
3131 else
3132 {
3133 va_list argList;
3134
3135 va_start(argList, pszFormat);
3136
3137 hr = StringVPrintfExWorkerA(pszDest, cchDest, cbDest, ppszDestEnd, &cchRemaining, dwFlags, pszFormat, argList);
3138
3139 va_end(argList);
3140 }
3141
3142 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
3143 {
3144 if (pcbRemaining)
3145 {
3146 // safe to multiply cchRemaining * sizeof(char) since cchRemaining < STRSAFE_MAX_CCH and sizeof(char) is 1
3147 *pcbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
3148 }
3149 }
3150
3151 return hr;
3152 }
3153
3154 STRSAFEAPI StringCbPrintfExW(wchar_t* pszDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags, const wchar_t* pszFormat, ...)
3155 {
3156 HRESULT hr;
3157 size_t cchDest;
3158 size_t cchRemaining = 0;
3159
3160 cchDest = cbDest / sizeof(wchar_t);
3161
3162 if (cchDest > STRSAFE_MAX_CCH)
3163 {
3164 hr = STRSAFE_E_INVALID_PARAMETER;
3165 }
3166 else
3167 {
3168 va_list argList;
3169
3170 va_start(argList, pszFormat);
3171
3172 hr = StringVPrintfExWorkerW(pszDest, cchDest, cbDest, ppszDestEnd, &cchRemaining, dwFlags, pszFormat, argList);
3173
3174 va_end(argList);
3175 }
3176
3177 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
3178 {
3179 if (pcbRemaining)
3180 {
3181 // safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
3182 *pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
3183 }
3184 }
3185
3186 return hr;
3187 }
3188 #endif // STRSAFE_INLINE
3189 #endif // !STRSAFE_NO_CB_FUNCTIONS
3190
3191
3192 #ifndef STRSAFE_NO_CCH_FUNCTIONS
3193 /*++
3194
3195 STDAPI
3196 StringCchVPrintfEx(
3197 OUT LPTSTR pszDest OPTIONAL,
3198 IN size_t cchDest,
3199 OUT LPTSTR* ppszDestEnd OPTIONAL,
3200 OUT size_t* pcchRemaining OPTIONAL,
3201 IN DWORD dwFlags,
3202 IN LPCTSTR pszFormat OPTIONAL,
3203 IN va_list argList
3204 );
3205
3206 Routine Description:
3207
3208 This routine is a safer version of the C built-in function 'vsprintf' with
3209 some additional parameters. In addition to functionality provided by
3210 StringCchVPrintf, this routine also returns a pointer to the end of the
3211 destination string and the number of characters left in the destination string
3212 including the null terminator. The flags parameter allows additional controls.
3213
3214 Arguments:
3215
3216 pszDest - destination string
3217
3218 cchDest - size of destination buffer in characters.
3219 length must be sufficient to contain the resulting
3220 formatted string plus the null terminator.
3221
3222 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
3223 pointer to the end of the destination string. If the
3224 function printed any data, the result will point to the
3225 null termination character
3226
3227 pcchRemaining - if pcchRemaining is non-null, the function will return
3228 the number of characters left in the destination string,
3229 including the null terminator
3230
3231 dwFlags - controls some details of the string copy:
3232
3233 STRSAFE_FILL_BEHIND_NULL
3234 if the function succeeds, the low byte of dwFlags will be
3235 used to fill the uninitialize part of destination buffer
3236 behind the null terminator
3237
3238 STRSAFE_IGNORE_NULLS
3239 treat NULL string pointers like empty strings (TEXT(""))
3240
3241 STRSAFE_FILL_ON_FAILURE
3242 if the function fails, the low byte of dwFlags will be
3243 used to fill all of the destination buffer, and it will
3244 be null terminated. This will overwrite any truncated
3245 string returned when the failure is
3246 STRSAFE_E_INSUFFICIENT_BUFFER
3247
3248 STRSAFE_NO_TRUNCATION /
3249 STRSAFE_NULL_ON_FAILURE
3250 if the function fails, the destination buffer will be set
3251 to the empty string. This will overwrite any truncated string
3252 returned when the failure is STRSAFE_E_INSUFFICIENT_BUFFER.
3253
3254 pszFormat - format string which must be null terminated
3255
3256 argList - va_list from the variable arguments according to the
3257 stdarg.h convention
3258
3259 Notes:
3260 Behavior is undefined if destination, format strings or any arguments
3261 strings overlap.
3262
3263 pszDest and pszFormat should not be NULL unless the STRSAFE_IGNORE_NULLS
3264 flag is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and
3265 pszFormat may be NULL. An error may still be returned even though NULLS
3266 are ignored due to insufficient space.
3267
3268 Return Value:
3269
3270 S_OK - if there was source data and it was all concatenated and
3271 the resultant dest string was null terminated
3272
3273 failure - you can use the macro HRESULT_CODE() to get a win32
3274 error code for all hresult failure cases
3275
3276 STRSAFE_E_INSUFFICIENT_BUFFER /
3277 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
3278 - this return value is an indication that the print
3279 operation failed due to insufficient space. When this
3280 error occurs, the destination buffer is modified to
3281 contain a truncated version of the ideal result and is
3282 null terminated. This is useful for situations where
3283 truncation is ok.
3284
3285 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
3286 return value of this function
3287
3288 --*/
3289
3290 STRSAFEAPI StringCchVPrintfExA(char* pszDest, size_t cchDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const char* pszFormat, va_list argList);
3291 STRSAFEAPI StringCchVPrintfExW(wchar_t* pszDest, size_t cchDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const wchar_t* pszFormat, va_list argList);
3292 #ifdef UNICODE
3293 #define StringCchVPrintfEx StringCchVPrintfExW
3294 #else
3295 #define StringCchVPrintfEx StringCchVPrintfExA
3296 #endif // !UNICODE
3297
3298 #ifdef STRSAFE_INLINE
3299 STRSAFEAPI StringCchVPrintfExA(char* pszDest, size_t cchDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const char* pszFormat, va_list argList)
3300 {
3301 HRESULT hr;
3302
3303 if (cchDest > STRSAFE_MAX_CCH)
3304 {
3305 hr = STRSAFE_E_INVALID_PARAMETER;
3306 }
3307 else
3308 {
3309 size_t cbDest;
3310
3311 // safe to multiply cchDest * sizeof(char) since cchDest < STRSAFE_MAX_CCH and sizeof(char) is 1
3312 cbDest = cchDest * sizeof(char);
3313
3314 hr = StringVPrintfExWorkerA(pszDest, cchDest, cbDest, ppszDestEnd, pcchRemaining, dwFlags, pszFormat, argList);
3315 }
3316
3317 return hr;
3318 }
3319
3320 STRSAFEAPI StringCchVPrintfExW(wchar_t* pszDest, size_t cchDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const wchar_t* pszFormat, va_list argList)
3321 {
3322 HRESULT hr;
3323
3324 if (cchDest > STRSAFE_MAX_CCH)
3325 {
3326 hr = STRSAFE_E_INVALID_PARAMETER;
3327 }
3328 else
3329 {
3330 size_t cbDest;
3331
3332 // safe to multiply cchDest * sizeof(wchar_t) since cchDest < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
3333 cbDest = cchDest * sizeof(wchar_t);
3334
3335 hr = StringVPrintfExWorkerW(pszDest, cchDest, cbDest, ppszDestEnd, pcchRemaining, dwFlags, pszFormat, argList);
3336 }
3337
3338 return hr;
3339 }
3340 #endif // STRSAFE_INLINE
3341 #endif // !STRSAFE_NO_CCH_FUNCTIONS
3342
3343
3344 #ifndef STRSAFE_NO_CB_FUNCTIONS
3345 /*++
3346
3347 STDAPI
3348 StringCbVPrintfEx(
3349 OUT LPTSTR pszDest OPTIONAL,
3350 IN size_t cbDest,
3351 OUT LPTSTR* ppszDestEnd OPTIONAL,
3352 OUT size_t* pcbRemaining OPTIONAL,
3353 IN DWORD dwFlags,
3354 IN LPCTSTR pszFormat OPTIONAL,
3355 IN va_list argList
3356 );
3357
3358 Routine Description:
3359
3360 This routine is a safer version of the C built-in function 'vsprintf' with
3361 some additional parameters. In addition to functionality provided by
3362 StringCbVPrintf, this routine also returns a pointer to the end of the
3363 destination string and the number of characters left in the destination string
3364 including the null terminator. The flags parameter allows additional controls.
3365
3366 Arguments:
3367
3368 pszDest - destination string
3369
3370 cbDest - size of destination buffer in bytes.
3371 length must be sufficient to contain the resulting
3372 formatted string plus the null terminator.
3373
3374 ppszDestEnd - if ppszDestEnd is non-null, the function will return
3375 a pointer to the end of the destination string. If the
3376 function printed any data, the result will point to the
3377 null termination character
3378
3379 pcbRemaining - if pcbRemaining is non-null, the function will return
3380 the number of bytes left in the destination string,
3381 including the null terminator
3382
3383 dwFlags - controls some details of the string copy:
3384
3385 STRSAFE_FILL_BEHIND_NULL
3386 if the function succeeds, the low byte of dwFlags will be
3387 used to fill the uninitialize part of destination buffer
3388 behind the null terminator
3389
3390 STRSAFE_IGNORE_NULLS
3391 treat NULL string pointers like empty strings (TEXT(""))
3392
3393 STRSAFE_FILL_ON_FAILURE
3394 if the function fails, the low byte of dwFlags will be
3395 used to fill all of the destination buffer, and it will
3396 be null terminated. This will overwrite any truncated
3397 string returned when the failure is
3398 STRSAFE_E_INSUFFICIENT_BUFFER
3399
3400 STRSAFE_NO_TRUNCATION /
3401 STRSAFE_NULL_ON_FAILURE
3402 if the function fails, the destination buffer will be set
3403 to the empty string. This will overwrite any truncated string
3404 returned when the failure is STRSAFE_E_INSUFFICIENT_BUFFER.
3405
3406 pszFormat - format string which must be null terminated
3407
3408 argList - va_list from the variable arguments according to the
3409 stdarg.h convention
3410
3411 Notes:
3412 Behavior is undefined if destination, format strings or any arguments
3413 strings overlap.
3414
3415 pszDest and pszFormat should not be NULL unless the STRSAFE_IGNORE_NULLS
3416 flag is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and
3417 pszFormat may be NULL. An error may still be returned even though NULLS
3418 are ignored due to insufficient space.
3419
3420 Return Value:
3421
3422 S_OK - if there was source data and it was all concatenated and
3423 the resultant dest string was null terminated
3424
3425 failure - you can use the macro HRESULT_CODE() to get a win32
3426 error code for all hresult failure cases
3427
3428 STRSAFE_E_INSUFFICIENT_BUFFER /
3429 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
3430 - this return value is an indication that the print
3431 operation failed due to insufficient space. When this
3432 error occurs, the destination buffer is modified to
3433 contain a truncated version of the ideal result and is
3434 null terminated. This is useful for situations where
3435 truncation is ok.
3436
3437 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
3438 return value of this function
3439
3440 --*/
3441
3442 STRSAFEAPI StringCbVPrintfExA(char* pszDest, size_t cbDest, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags, const char* pszFormat, va_list argList);
3443 STRSAFEAPI StringCbVPrintfExW(wchar_t* pszDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags, const wchar_t* pszFormat, va_list argList);
3444 #ifdef UNICODE
3445 #define StringCbVPrintfEx StringCbVPrintfExW
3446 #else
3447 #define StringCbVPrintfEx StringCbVPrintfExA
3448 #endif // !UNICODE
3449
3450 #ifdef STRSAFE_INLINE
3451 STRSAFEAPI StringCbVPrintfExA(char* pszDest, size_t cbDest, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags, const char* pszFormat, va_list argList)
3452 {
3453 HRESULT hr;
3454 size_t cchDest;
3455 size_t cchRemaining = 0;
3456
3457 cchDest = cbDest / sizeof(char);
3458
3459 if (cchDest > STRSAFE_MAX_CCH)
3460 {
3461 hr = STRSAFE_E_INVALID_PARAMETER;
3462 }
3463 else
3464 {
3465 hr = StringVPrintfExWorkerA(pszDest, cchDest, cbDest, ppszDestEnd, &cchRemaining, dwFlags, pszFormat, argList);
3466 }
3467
3468 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
3469 {
3470 if (pcbRemaining)
3471 {
3472 // safe to multiply cchRemaining * sizeof(char) since cchRemaining < STRSAFE_MAX_CCH and sizeof(char) is 1
3473 *pcbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
3474 }
3475 }
3476
3477 return hr;
3478 }
3479
3480 STRSAFEAPI StringCbVPrintfExW(wchar_t* pszDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags, const wchar_t* pszFormat, va_list argList)
3481 {
3482 HRESULT hr;
3483 size_t cchDest;
3484 size_t cchRemaining = 0;
3485
3486 cchDest = cbDest / sizeof(wchar_t);
3487
3488 if (cchDest > STRSAFE_MAX_CCH)
3489 {
3490 hr = STRSAFE_E_INVALID_PARAMETER;
3491 }
3492 else
3493 {
3494 hr = StringVPrintfExWorkerW(pszDest, cchDest, cbDest, ppszDestEnd, &cchRemaining, dwFlags, pszFormat, argList);
3495 }
3496
3497 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
3498 {
3499 if (pcbRemaining)
3500 {
3501 // safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
3502 *pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
3503 }
3504 }
3505
3506 return hr;
3507 }
3508 #endif // STRSAFE_INLINE
3509 #endif // !STRSAFE_NO_CB_FUNCTIONS
3510
3511
3512 #ifndef STRSAFE_NO_CCH_FUNCTIONS
3513 /*++
3514
3515 STDAPI
3516 StringCchGets(
3517 OUT LPTSTR pszDest,
3518 IN size_t cchDest
3519 );
3520
3521 Routine Description:
3522
3523 This routine is a safer version of the C built-in function 'gets'.
3524 The size of the destination buffer (in characters) is a parameter and
3525 this function will not write past the end of this buffer and it will
3526 ALWAYS null terminate the destination buffer (unless it is zero length).
3527
3528 This routine is not a replacement for fgets. That function does not replace
3529 newline characters with a null terminator.
3530
3531 This function returns a hresult, and not a pointer. It returns
3532 S_OK if any characters were read from stdin and copied to pszDest and
3533 pszDest was null terminated, otherwise it will return a failure code.
3534
3535 Arguments:
3536
3537 pszDest - destination string
3538
3539 cchDest - size of destination buffer in characters.
3540
3541 Notes:
3542 pszDest should not be NULL. See StringCchGetsEx if you require the handling
3543 of NULL values.
3544
3545 cchDest must be > 1 for this function to succeed.
3546
3547 Return Value:
3548
3549 S_OK - data was read from stdin and copied, and the resultant
3550 dest string was null terminated
3551
3552 failure - you can use the macro HRESULT_CODE() to get a win32
3553 error code for all hresult failure cases
3554
3555 STRSAFE_E_END_OF_FILE /
3556 HRESULT_CODE(hr) == ERROR_HANDLE_EOF
3557 - this return value indicates an error or end-of-file
3558 condition, use feof or ferror to determine which one has
3559 occured.
3560
3561 STRSAFE_E_INSUFFICIENT_BUFFER /
3562 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
3563 - this return value is an indication that there was
3564 insufficient space in the destination buffer to copy any
3565 data
3566
3567 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
3568 return value of this function.
3569
3570 --*/
3571
3572 #ifndef STRSAFE_LIB_IMPL
3573 STRSAFE_INLINE_API StringCchGetsA(char* pszDest, size_t cchDest);
3574 STRSAFE_INLINE_API StringCchGetsW(wchar_t* pszDest, size_t cchDest);
3575 #ifdef UNICODE
3576 #define StringCchGets StringCchGetsW
3577 #else
3578 #define StringCchGets StringCchGetsA
3579 #endif // !UNICODE
3580
3581 STRSAFE_INLINE_API StringCchGetsA(char* pszDest, size_t cchDest)
3582 {
3583 HRESULT hr;
3584
3585 if (cchDest > STRSAFE_MAX_CCH)
3586 {
3587 hr = STRSAFE_E_INVALID_PARAMETER;
3588 }
3589 else
3590 {
3591 size_t cbDest;
3592
3593 // safe to multiply cchDest * sizeof(char) since cchDest < STRSAFE_MAX_CCH and sizeof(char) is 1
3594 cbDest = cchDest * sizeof(char);
3595
3596 hr = StringGetsExWorkerA(pszDest, cchDest, cbDest, NULL, NULL, 0);
3597 }
3598
3599 return hr;
3600 }
3601
3602 STRSAFE_INLINE_API StringCchGetsW(wchar_t* pszDest, size_t cchDest)
3603 {
3604 HRESULT hr;
3605
3606 if (cchDest > STRSAFE_MAX_CCH)
3607 {
3608 hr = STRSAFE_E_INVALID_PARAMETER;
3609 }
3610 else
3611 {
3612 size_t cbDest;
3613
3614 // safe to multiply cchDest * sizeof(wchar_t) since cchDest < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
3615 cbDest = cchDest * sizeof(wchar_t);
3616
3617 hr = StringGetsExWorkerW(pszDest, cchDest, cbDest, NULL, NULL, 0);
3618 }
3619
3620 return hr;
3621 }
3622 #endif // !STRSAFE_NO_CCH_FUNCTIONS
3623 #endif // !STRSAFE_LIB_IMPL
3624
3625 #ifndef STRSAFE_NO_CB_FUNCTIONS
3626 /*++
3627
3628 STDAPI
3629 StringCbGets(
3630 OUT LPTSTR pszDest,
3631 IN size_t cbDest
3632 );
3633
3634 Routine Description:
3635
3636 This routine is a safer version of the C built-in function 'gets'.
3637 The size of the destination buffer (in bytes) is a parameter and
3638 this function will not write past the end of this buffer and it will
3639 ALWAYS null terminate the destination buffer (unless it is zero length).
3640
3641 This routine is not a replacement for fgets. That function does not replace
3642 newline characters with a null terminator.
3643
3644 This function returns a hresult, and not a pointer. It returns
3645 S_OK if any characters were read from stdin and copied to pszDest
3646 and pszDest was null terminated, otherwise it will return a failure code.
3647
3648 Arguments:
3649
3650 pszDest - destination string
3651
3652 cbDest - size of destination buffer in bytes.
3653
3654 Notes:
3655 pszDest should not be NULL. See StringCbGetsEx if you require the handling
3656 of NULL values.
3657
3658 cbDest must be > sizeof(TCHAR) for this function to succeed.
3659
3660 Return Value:
3661
3662 S_OK - data was read from stdin and copied, and the resultant
3663 dest string was null terminated
3664
3665 failure - you can use the macro HRESULT_CODE() to get a win32
3666 error code for all hresult failure cases
3667
3668 STRSAFE_E_END_OF_FILE /
3669 HRESULT_CODE(hr) == ERROR_HANDLE_EOF
3670 - this return value indicates an error or end-of-file
3671 condition, use feof or ferror to determine which one has
3672 occured.
3673
3674 STRSAFE_E_INSUFFICIENT_BUFFER /
3675 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
3676 - this return value is an indication that there was
3677 insufficient space in the destination buffer to copy any
3678 data
3679
3680 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
3681 return value of this function.
3682
3683 --*/
3684
3685 #ifndef STRSAFE_LIB_IMPL
3686 STRSAFE_INLINE_API StringCbGetsA(char* pszDest, size_t cbDest);
3687 STRSAFE_INLINE_API StringCbGetsW(wchar_t* pszDest, size_t cbDest);
3688 #ifdef UNICODE
3689 #define StringCbGets StringCbGetsW
3690 #else
3691 #define StringCbGets StringCbGetsA
3692 #endif // !UNICODE
3693
3694 STRSAFE_INLINE_API StringCbGetsA(char* pszDest, size_t cbDest)
3695 {
3696 HRESULT hr;
3697 size_t cchDest;
3698
3699 // convert to count of characters
3700 cchDest = cbDest / sizeof(char);
3701
3702 if (cchDest > STRSAFE_MAX_CCH)
3703 {
3704 hr = STRSAFE_E_INVALID_PARAMETER;
3705 }
3706 else
3707 {
3708 hr = StringGetsExWorkerA(pszDest, cchDest, cbDest, NULL, NULL, 0);
3709 }
3710
3711 return hr;
3712 }
3713
3714 STRSAFE_INLINE_API StringCbGetsW(wchar_t* pszDest, size_t cbDest)
3715 {
3716 HRESULT hr;
3717 size_t cchDest;
3718
3719 // convert to count of characters
3720 cchDest = cbDest / sizeof(wchar_t);
3721
3722 if (cchDest > STRSAFE_MAX_CCH)
3723 {
3724 hr = STRSAFE_E_INVALID_PARAMETER;
3725 }
3726 else
3727 {
3728 hr = StringGetsExWorkerW(pszDest, cchDest, cbDest, NULL, NULL, 0);
3729 }
3730
3731 return hr;
3732 }
3733 #endif // !STRSAFE_NO_CB_FUNCTIONS
3734 #endif // !STRSAFE_LIB_IMPL
3735
3736 #ifndef STRSAFE_NO_CCH_FUNCTIONS
3737 /*++
3738
3739 STDAPI
3740 StringCchGetsEx(
3741 OUT LPTSTR pszDest OPTIONAL,
3742 IN size_t cchDest,
3743 OUT LPTSTR* ppszDestEnd OPTIONAL,
3744 OUT size_t* pcchRemaining OPTIONAL,
3745 IN DWORD dwFlags
3746 );
3747
3748 Routine Description:
3749
3750 This routine is a safer version of the C built-in function 'gets' with
3751 some additional parameters. In addition to functionality provided by
3752 StringCchGets, this routine also returns a pointer to the end of the
3753 destination string and the number of characters left in the destination string
3754 including the null terminator. The flags parameter allows additional controls.
3755
3756 Arguments:
3757
3758 pszDest - destination string
3759
3760 cchDest - size of destination buffer in characters.
3761
3762 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
3763 pointer to the end of the destination string. If the
3764 function copied any data, the result will point to the
3765 null termination character
3766
3767 pcchRemaining - if pcchRemaining is non-null, the function will return the
3768 number of characters left in the destination string,
3769 including the null terminator
3770
3771 dwFlags - controls some details of the string copy:
3772
3773 STRSAFE_FILL_BEHIND_NULL
3774 if the function succeeds, the low byte of dwFlags will be
3775 used to fill the uninitialize part of destination buffer
3776 behind the null terminator
3777
3778 STRSAFE_IGNORE_NULLS
3779 treat NULL string pointers like empty strings (TEXT("")).
3780
3781 STRSAFE_FILL_ON_FAILURE
3782 if the function fails, the low byte of dwFlags will be
3783 used to fill all of the destination buffer, and it will
3784 be null terminated.
3785
3786 STRSAFE_NO_TRUNCATION /
3787 STRSAFE_NULL_ON_FAILURE
3788 if the function fails, the destination buffer will be set
3789 to the empty string.
3790
3791 Notes:
3792 pszDest should not be NULL unless the STRSAFE_IGNORE_NULLS flag is specified.
3793 If STRSAFE_IGNORE_NULLS is passed and pszDest is NULL, an error may still be
3794 returned even though NULLS are ignored
3795
3796 cchDest must be > 1 for this function to succeed.
3797
3798 Return Value:
3799
3800 S_OK - data was read from stdin and copied, and the resultant
3801 dest string was null terminated
3802
3803 failure - you can use the macro HRESULT_CODE() to get a win32
3804 error code for all hresult failure cases
3805
3806 STRSAFE_E_END_OF_FILE /
3807 HRESULT_CODE(hr) == ERROR_HANDLE_EOF
3808 - this return value indicates an error or end-of-file
3809 condition, use feof or ferror to determine which one has
3810 occured.
3811
3812 STRSAFE_E_INSUFFICIENT_BUFFER /
3813 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
3814 - this return value is an indication that there was
3815 insufficient space in the destination buffer to copy any
3816 data
3817
3818 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
3819 return value of this function.
3820
3821 --*/
3822
3823 #ifndef STRSAFE_LIB_IMPL
3824 STRSAFE_INLINE_API StringCchGetsExA(char* pszDest, size_t cchDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
3825 STRSAFE_INLINE_API StringCchGetsExW(wchar_t* pszDest, size_t cchDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags);
3826 #ifdef UNICODE
3827 #define StringCchGetsEx StringCchGetsExW
3828 #else
3829 #define StringCchGetsEx StringCchGetsExA
3830 #endif // !UNICODE
3831
3832 STRSAFE_INLINE_API StringCchGetsExA(char* pszDest, size_t cchDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
3833 {
3834 HRESULT hr;
3835
3836 if (cchDest > STRSAFE_MAX_CCH)
3837 {
3838 hr = STRSAFE_E_INVALID_PARAMETER;
3839 }
3840 else
3841 {
3842 size_t cbDest;
3843
3844 // safe to multiply cchDest * sizeof(char) since cchDest < STRSAFE_MAX_CCH and sizeof(char) is 1
3845 cbDest = cchDest * sizeof(char);
3846
3847 hr = StringGetsExWorkerA(pszDest, cchDest, cbDest, ppszDestEnd, pcchRemaining, dwFlags);
3848 }
3849
3850 return hr;
3851 }
3852
3853 STRSAFE_INLINE_API StringCchGetsExW(wchar_t* pszDest, size_t cchDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
3854 {
3855 HRESULT hr;
3856
3857 if (cchDest > STRSAFE_MAX_CCH)
3858 {
3859 hr = STRSAFE_E_INVALID_PARAMETER;
3860 }
3861 else
3862 {
3863 size_t cbDest;
3864
3865 // safe to multiply cchDest * sizeof(wchar_t) since cchDest < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
3866 cbDest = cchDest * sizeof(wchar_t);
3867
3868 hr = StringGetsExWorkerW(pszDest, cchDest, cbDest, ppszDestEnd, pcchRemaining, dwFlags);
3869 }
3870
3871 return hr;
3872 }
3873 #endif // !STRSAFE_NO_CCH_FUNCTIONS
3874 #endif // !STRSAFE_LIB_IMPL
3875
3876 #ifndef STRSAFE_NO_CB_FUNCTIONS
3877 /*++
3878
3879 STDAPI
3880 StringCbGetsEx(
3881 OUT LPTSTR pszDest OPTIONAL,
3882 IN size_t cbDest,
3883 OUT LPTSTR* ppszDestEnd OPTIONAL,
3884 OUT size_t* pcbRemaining OPTIONAL,
3885 IN DWORD dwFlags
3886 );
3887
3888 Routine Description:
3889
3890 This routine is a safer version of the C built-in function 'gets' with
3891 some additional parameters. In addition to functionality provided by
3892 StringCbGets, this routine also returns a pointer to the end of the
3893 destination string and the number of characters left in the destination string
3894 including the null terminator. The flags parameter allows additional controls.
3895
3896 Arguments:
3897
3898 pszDest - destination string
3899
3900 cbDest - size of destination buffer in bytes.
3901
3902 ppszDestEnd - if ppszDestEnd is non-null, the function will return a
3903 pointer to the end of the destination string. If the
3904 function copied any data, the result will point to the
3905 null termination character
3906
3907 pcbRemaining - if pbRemaining is non-null, the function will return the
3908 number of bytes left in the destination string,
3909 including the null terminator
3910
3911 dwFlags - controls some details of the string copy:
3912
3913 STRSAFE_FILL_BEHIND_NULL
3914 if the function succeeds, the low byte of dwFlags will be
3915 used to fill the uninitialize part of destination buffer
3916 behind the null terminator
3917
3918 STRSAFE_IGNORE_NULLS
3919 treat NULL string pointers like empty strings (TEXT("")).
3920
3921 STRSAFE_FILL_ON_FAILURE
3922 if the function fails, the low byte of dwFlags will be
3923 used to fill all of the destination buffer, and it will
3924 be null terminated.
3925
3926 STRSAFE_NO_TRUNCATION /
3927 STRSAFE_NULL_ON_FAILURE
3928 if the function fails, the destination buffer will be set
3929 to the empty string.
3930
3931 Notes:
3932 pszDest should not be NULL unless the STRSAFE_IGNORE_NULLS flag is specified.
3933 If STRSAFE_IGNORE_NULLS is passed and pszDest is NULL, an error may still be
3934 returned even though NULLS are ignored
3935
3936 cbDest must be > sizeof(TCHAR) for this function to succeed
3937
3938 Return Value:
3939
3940 S_OK - data was read from stdin and copied, and the resultant
3941 dest string was null terminated
3942
3943 failure - you can use the macro HRESULT_CODE() to get a win32
3944 error code for all hresult failure cases
3945
3946 STRSAFE_E_END_OF_FILE /
3947 HRESULT_CODE(hr) == ERROR_HANDLE_EOF
3948 - this return value indicates an error or end-of-file
3949 condition, use feof or ferror to determine which one has
3950 occured.
3951
3952 STRSAFE_E_INSUFFICIENT_BUFFER /
3953 HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER
3954 - this return value is an indication that there was
3955 insufficient space in the destination buffer to copy any
3956 data
3957
3958 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
3959 return value of this function.
3960
3961 --*/
3962
3963 #ifndef STRSAFE_LIB_IMPL
3964 STRSAFE_INLINE_API StringCbGetsExA(char* pszDest, size_t cbDest, char** ppszDestEnd, size_t* pbRemaining, unsigned long dwFlags);
3965 STRSAFE_INLINE_API StringCbGetsExW(wchar_t* pszDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags);
3966 #ifdef UNICODE
3967 #define StringCbGetsEx StringCbGetsExW
3968 #else
3969 #define StringCbGetsEx StringCbGetsExA
3970 #endif // !UNICODE
3971
3972 STRSAFE_INLINE_API StringCbGetsExA(char* pszDest, size_t cbDest, char** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
3973 {
3974 HRESULT hr;
3975 size_t cchDest;
3976 size_t cchRemaining = 0;
3977
3978 cchDest = cbDest / sizeof(char);
3979
3980 if (cchDest > STRSAFE_MAX_CCH)
3981 {
3982 hr = STRSAFE_E_INVALID_PARAMETER;
3983 }
3984 else
3985 {
3986 hr = StringGetsExWorkerA(pszDest, cchDest, cbDest, ppszDestEnd, &cchRemaining, dwFlags);
3987 }
3988
3989 if (SUCCEEDED(hr) ||
3990 (hr == STRSAFE_E_INSUFFICIENT_BUFFER) ||
3991 (hr == STRSAFE_E_END_OF_FILE))
3992 {
3993 if (pcbRemaining)
3994 {
3995 // safe to multiply cchRemaining * sizeof(char) since cchRemaining < STRSAFE_MAX_CCH and sizeof(char) is 1
3996 *pcbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
3997 }
3998 }
3999
4000 return hr;
4001 }
4002
4003 STRSAFE_INLINE_API StringCbGetsExW(wchar_t* pszDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcbRemaining, unsigned long dwFlags)
4004 {
4005 HRESULT hr;
4006 size_t cchDest;
4007 size_t cchRemaining = 0;
4008
4009 cchDest = cbDest / sizeof(wchar_t);
4010
4011 if (cchDest > STRSAFE_MAX_CCH)
4012 {
4013 hr = STRSAFE_E_INVALID_PARAMETER;
4014 }
4015 else
4016 {
4017 hr = StringGetsExWorkerW(pszDest, cchDest, cbDest, ppszDestEnd, &cchRemaining, dwFlags);
4018 }
4019
4020 if (SUCCEEDED(hr) ||
4021 (hr == STRSAFE_E_INSUFFICIENT_BUFFER) ||
4022 (hr == STRSAFE_E_END_OF_FILE))
4023 {
4024 if (pcbRemaining)
4025 {
4026 // safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
4027 *pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
4028 }
4029 }
4030
4031 return hr;
4032 }
4033 #endif // !STRSAFE_NO_CB_FUNCTIONS
4034 #endif // !STRSAFE_LIB_IMPL
4035
4036 #ifndef STRSAFE_NO_CCH_FUNCTIONS
4037 /*++
4038
4039 STDAPI
4040 StringCchLength(
4041 IN LPCTSTR psz,
4042 IN size_t cchMax,
4043 OUT size_t* pcch OPTIONAL
4044 );
4045
4046 Routine Description:
4047
4048 This routine is a safer version of the C built-in function 'strlen'.
4049 It is used to make sure a string is not larger than a given length, and
4050 it optionally returns the current length in characters not including
4051 the null terminator.
4052
4053 This function returns a hresult, and not a pointer. It returns
4054 S_OK if the string is non-null and the length including the null
4055 terminator is less than or equal to cchMax characters.
4056
4057 Arguments:
4058
4059 psz - string to check the length of
4060
4061 cchMax - maximum number of characters including the null terminator
4062 that psz is allowed to contain
4063
4064 pcch - if the function succeeds and pcch is non-null, the current length
4065 in characters of psz excluding the null terminator will be returned.
4066 This out parameter is equivalent to the return value of strlen(psz)
4067
4068 Notes:
4069 psz can be null but the function will fail
4070
4071 cchMax should be greater than zero or the function will fail
4072
4073 Return Value:
4074
4075 S_OK - psz is non-null and the length including the null
4076 terminator is less than or equal to cchMax characters
4077
4078 failure - you can use the macro HRESULT_CODE() to get a win32
4079 error code for all hresult failure cases
4080
4081 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
4082 return value of this function.
4083
4084 --*/
4085
4086 STRSAFEAPI StringCchLengthA(const char* psz, size_t cchMax, size_t* pcch);
4087 STRSAFEAPI StringCchLengthW(const wchar_t* psz, size_t cchMax, size_t* pcch);
4088 #ifdef UNICODE
4089 #define StringCchLength StringCchLengthW
4090 #else
4091 #define StringCchLength StringCchLengthA
4092 #endif // !UNICODE
4093
4094 #ifdef STRSAFE_INLINE
4095 STRSAFEAPI StringCchLengthA(const char* psz, size_t cchMax, size_t* pcch)
4096 {
4097 HRESULT hr;
4098
4099 if ((psz == NULL) || (cchMax > STRSAFE_MAX_CCH))
4100 {
4101 hr = STRSAFE_E_INVALID_PARAMETER;
4102 }
4103 else
4104 {
4105 hr = StringLengthWorkerA(psz, cchMax, pcch);
4106 }
4107
4108 return hr;
4109 }
4110
4111 STRSAFEAPI StringCchLengthW(const wchar_t* psz, size_t cchMax, size_t* pcch)
4112 {
4113 HRESULT hr;
4114
4115 if ((psz == NULL) || (cchMax > STRSAFE_MAX_CCH))
4116 {
4117 hr = STRSAFE_E_INVALID_PARAMETER;
4118 }
4119 else
4120 {
4121 hr = StringLengthWorkerW(psz, cchMax, pcch);
4122 }
4123
4124 return hr;
4125 }
4126 #endif // STRSAFE_INLINE
4127 #endif // !STRSAFE_NO_CCH_FUNCTIONS
4128
4129
4130 #ifndef STRSAFE_NO_CB_FUNCTIONS
4131 /*++
4132
4133 STDAPI
4134 StringCbLength(
4135 IN LPCTSTR psz,
4136 IN size_t cbMax,
4137 OUT size_t* pcb OPTIONAL
4138 );
4139
4140 Routine Description:
4141
4142 This routine is a safer version of the C built-in function 'strlen'.
4143 It is used to make sure a string is not larger than a given length, and
4144 it optionally returns the current length in bytes not including
4145 the null terminator.
4146
4147 This function returns a hresult, and not a pointer. It returns
4148 S_OK if the string is non-null and the length including the null
4149 terminator is less than or equal to cbMax bytes.
4150
4151 Arguments:
4152
4153 psz - string to check the length of
4154
4155 cbMax - maximum number of bytes including the null terminator
4156 that psz is allowed to contain
4157
4158 pcb - if the function succeeds and pcb is non-null, the current length
4159 in bytes of psz excluding the null terminator will be returned.
4160 This out parameter is equivalent to the return value of strlen(psz) * sizeof(TCHAR)
4161
4162 Notes:
4163 psz can be null but the function will fail
4164
4165 cbMax should be greater than or equal to sizeof(TCHAR) or the function will fail
4166
4167 Return Value:
4168
4169 S_OK - psz is non-null and the length including the null
4170 terminator is less than or equal to cbMax bytes
4171
4172 failure - you can use the macro HRESULT_CODE() to get a win32
4173 error code for all hresult failure cases
4174
4175 It is strongly recommended to use the SUCCEEDED() / FAILED() macros to test the
4176 return value of this function.
4177
4178 --*/
4179
4180 STRSAFEAPI StringCbLengthA(const char* psz, size_t cchMax, size_t* pcch);
4181 STRSAFEAPI StringCbLengthW(const wchar_t* psz, size_t cchMax, size_t* pcch);
4182 #ifdef UNICODE
4183 #define StringCbLength StringCbLengthW
4184 #else
4185 #define StringCbLength StringCbLengthA
4186 #endif // !UNICODE
4187
4188 #ifdef STRSAFE_INLINE
4189 STRSAFEAPI StringCbLengthA(const char* psz, size_t cbMax, size_t* pcb)
4190 {
4191 HRESULT hr;
4192 size_t cchMax;
4193 size_t cch = 0;
4194
4195 cchMax = cbMax / sizeof(char);
4196
4197 if ((psz == NULL) || (cchMax > STRSAFE_MAX_CCH))
4198 {
4199 hr = STRSAFE_E_INVALID_PARAMETER;
4200 }
4201 else
4202 {
4203 hr = StringLengthWorkerA(psz, cchMax, &cch);
4204 }
4205
4206 if (SUCCEEDED(hr) && pcb)
4207 {
4208 // safe to multiply cch * sizeof(char) since cch < STRSAFE_MAX_CCH and sizeof(char) is 1
4209 *pcb = cch * sizeof(char);
4210 }
4211
4212 return hr;
4213 }
4214
4215 STRSAFEAPI StringCbLengthW(const wchar_t* psz, size_t cbMax, size_t* pcb)
4216 {
4217 HRESULT hr;
4218 size_t cchMax;
4219 size_t cch = 0;
4220
4221 cchMax = cbMax / sizeof(wchar_t);
4222
4223 if ((psz == NULL) || (cchMax > STRSAFE_MAX_CCH))
4224 {
4225 hr = STRSAFE_E_INVALID_PARAMETER;
4226 }
4227 else
4228 {
4229 hr = StringLengthWorkerW(psz, cchMax, &cch);
4230 }
4231
4232 if (SUCCEEDED(hr) && pcb)
4233 {
4234 // safe to multiply cch * sizeof(wchar_t) since cch < STRSAFE_MAX_CCH and sizeof(wchar_t) is 2
4235 *pcb = cch * sizeof(wchar_t);
4236 }
4237
4238 return hr;
4239 }
4240 #endif // STRSAFE_INLINE
4241 #endif // !STRSAFE_NO_CB_FUNCTIONS
4242
4243
4244 // these are the worker functions that actually do the work
4245 #ifdef STRSAFE_INLINE
4246 STRSAFEAPI StringCopyWorkerA(char* pszDest, size_t cchDest, const char* pszSrc)
4247 {
4248 HRESULT hr = S_OK;
4249
4250 if (cchDest == 0)
4251 {
4252 // can not null terminate a zero-byte dest buffer
4253 hr = STRSAFE_E_INVALID_PARAMETER;
4254 }
4255 else
4256 {
4257 while (cchDest && (*pszSrc != '\0'))
4258 {
4259 *pszDest++ = *pszSrc++;
4260 cchDest--;
4261 }
4262
4263 if (cchDest == 0)
4264 {
4265 // we are going to truncate pszDest
4266 pszDest--;
4267 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4268 }
4269
4270 *pszDest= '\0';
4271 }
4272
4273 return hr;
4274 }
4275
4276 STRSAFEAPI StringCopyWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc)
4277 {
4278 HRESULT hr = S_OK;
4279
4280 if (cchDest == 0)
4281 {
4282 // can not null terminate a zero-byte dest buffer
4283 hr = STRSAFE_E_INVALID_PARAMETER;
4284 }
4285 else
4286 {
4287 while (cchDest && (*pszSrc != L'\0'))
4288 {
4289 *pszDest++ = *pszSrc++;
4290 cchDest--;
4291 }
4292
4293 if (cchDest == 0)
4294 {
4295 // we are going to truncate pszDest
4296 pszDest--;
4297 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4298 }
4299
4300 *pszDest= L'\0';
4301 }
4302
4303 return hr;
4304 }
4305
4306 STRSAFEAPI StringCopyExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, const char* pszSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
4307 {
4308 HRESULT hr = S_OK;
4309 char* pszDestEnd = pszDest;
4310 size_t cchRemaining = 0;
4311
4312 // ASSERT(cbDest == (cchDest * sizeof(char)) ||
4313 // cbDest == (cchDest * sizeof(char)) + (cbDest % sizeof(char)));
4314
4315 // only accept valid flags
4316 if (dwFlags & (~STRSAFE_VALID_FLAGS))
4317 {
4318 hr = STRSAFE_E_INVALID_PARAMETER;
4319 }
4320 else
4321 {
4322 if (dwFlags & STRSAFE_IGNORE_NULLS)
4323 {
4324 if (pszDest == NULL)
4325 {
4326 if ((cchDest != 0) || (cbDest != 0))
4327 {
4328 // NULL pszDest and non-zero cchDest/cbDest is invalid
4329 hr = STRSAFE_E_INVALID_PARAMETER;
4330 }
4331 }
4332
4333 if (pszSrc == NULL)
4334 {
4335 pszSrc = "";
4336 }
4337 }
4338
4339 if (SUCCEEDED(hr))
4340 {
4341 if (cchDest == 0)
4342 {
4343 pszDestEnd = pszDest;
4344 cchRemaining = 0;
4345
4346 // only fail if there was actually src data to copy
4347 if (*pszSrc != '\0')
4348 {
4349 if (pszDest == NULL)
4350 {
4351 hr = STRSAFE_E_INVALID_PARAMETER;
4352 }
4353 else
4354 {
4355 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4356 }
4357 }
4358 }
4359 else
4360 {
4361 pszDestEnd = pszDest;
4362 cchRemaining = cchDest;
4363
4364 while (cchRemaining && (*pszSrc != '\0'))
4365 {
4366 *pszDestEnd++= *pszSrc++;
4367 cchRemaining--;
4368 }
4369
4370 if (cchRemaining > 0)
4371 {
4372 if (dwFlags & STRSAFE_FILL_BEHIND_NULL)
4373 {
4374 memset(pszDestEnd + 1, STRSAFE_GET_FILL_PATTERN(dwFlags), ((cchRemaining - 1) * sizeof(char)) + (cbDest % sizeof(char)));
4375 }
4376 }
4377 else
4378 {
4379 // we are going to truncate pszDest
4380 pszDestEnd--;
4381 cchRemaining++;
4382
4383 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4384 }
4385
4386 *pszDestEnd = '\0';
4387 }
4388 }
4389 }
4390
4391 if (FAILED(hr))
4392 {
4393 if (pszDest)
4394 {
4395 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
4396 {
4397 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
4398
4399 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
4400 {
4401 pszDestEnd = pszDest;
4402 cchRemaining = cchDest;
4403 }
4404 else if (cchDest > 0)
4405 {
4406 pszDestEnd = pszDest + cchDest - 1;
4407 cchRemaining = 1;
4408
4409 // null terminate the end of the string
4410 *pszDestEnd = '\0';
4411 }
4412 }
4413
4414 if (dwFlags & (STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION))
4415 {
4416 if (cchDest > 0)
4417 {
4418 pszDestEnd = pszDest;
4419 cchRemaining = cchDest;
4420
4421 // null terminate the beginning of the string
4422 *pszDestEnd = '\0';
4423 }
4424 }
4425 }
4426 }
4427
4428 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
4429 {
4430 if (ppszDestEnd)
4431 {
4432 *ppszDestEnd = pszDestEnd;
4433 }
4434
4435 if (pcchRemaining)
4436 {
4437 *pcchRemaining = cchRemaining;
4438 }
4439 }
4440
4441 return hr;
4442 }
4443
4444 STRSAFEAPI StringCopyExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
4445 {
4446 HRESULT hr = S_OK;
4447 wchar_t* pszDestEnd = pszDest;
4448 size_t cchRemaining = 0;
4449
4450 // ASSERT(cbDest == (cchDest * sizeof(wchar_t)) ||
4451 // cbDest == (cchDest * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
4452
4453 // only accept valid flags
4454 if (dwFlags & (~STRSAFE_VALID_FLAGS))
4455 {
4456 hr = STRSAFE_E_INVALID_PARAMETER;
4457 }
4458 else
4459 {
4460 if (dwFlags & STRSAFE_IGNORE_NULLS)
4461 {
4462 if (pszDest == NULL)
4463 {
4464 if ((cchDest != 0) || (cbDest != 0))
4465 {
4466 // NULL pszDest and non-zero cchDest/cbDest is invalid
4467 hr = STRSAFE_E_INVALID_PARAMETER;
4468 }
4469 }
4470
4471 if (pszSrc == NULL)
4472 {
4473 pszSrc = L"";
4474 }
4475 }
4476
4477 if (SUCCEEDED(hr))
4478 {
4479 if (cchDest == 0)
4480 {
4481 pszDestEnd = pszDest;
4482 cchRemaining = 0;
4483
4484 // only fail if there was actually src data to copy
4485 if (*pszSrc != L'\0')
4486 {
4487 if (pszDest == NULL)
4488 {
4489 hr = STRSAFE_E_INVALID_PARAMETER;
4490 }
4491 else
4492 {
4493 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4494 }
4495 }
4496 }
4497 else
4498 {
4499 pszDestEnd = pszDest;
4500 cchRemaining = cchDest;
4501
4502 while (cchRemaining && (*pszSrc != L'\0'))
4503 {
4504 *pszDestEnd++= *pszSrc++;
4505 cchRemaining--;
4506 }
4507
4508 if (cchRemaining > 0)
4509 {
4510 if (dwFlags & STRSAFE_FILL_BEHIND_NULL)
4511 {
4512 memset(pszDestEnd + 1, STRSAFE_GET_FILL_PATTERN(dwFlags), ((cchRemaining - 1) * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
4513 }
4514 }
4515 else
4516 {
4517 // we are going to truncate pszDest
4518 pszDestEnd--;
4519 cchRemaining++;
4520
4521 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4522 }
4523
4524 *pszDestEnd = L'\0';
4525 }
4526 }
4527 }
4528
4529 if (FAILED(hr))
4530 {
4531 if (pszDest)
4532 {
4533 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
4534 {
4535 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
4536
4537 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
4538 {
4539 pszDestEnd = pszDest;
4540 cchRemaining = cchDest;
4541 }
4542 else if (cchDest > 0)
4543 {
4544 pszDestEnd = pszDest + cchDest - 1;
4545 cchRemaining = 1;
4546
4547 // null terminate the end of the string
4548 *pszDestEnd = L'\0';
4549 }
4550 }
4551
4552 if (dwFlags & (STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION))
4553 {
4554 if (cchDest > 0)
4555 {
4556 pszDestEnd = pszDest;
4557 cchRemaining = cchDest;
4558
4559 // null terminate the beginning of the string
4560 *pszDestEnd = L'\0';
4561 }
4562 }
4563 }
4564 }
4565
4566 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
4567 {
4568 if (ppszDestEnd)
4569 {
4570 *ppszDestEnd = pszDestEnd;
4571 }
4572
4573 if (pcchRemaining)
4574 {
4575 *pcchRemaining = cchRemaining;
4576 }
4577 }
4578
4579 return hr;
4580 }
4581
4582 STRSAFEAPI StringCopyNWorkerA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchSrc)
4583 {
4584 HRESULT hr = S_OK;
4585
4586 if (cchDest == 0)
4587 {
4588 // can not null terminate a zero-byte dest buffer
4589 hr = STRSAFE_E_INVALID_PARAMETER;
4590 }
4591 else
4592 {
4593 while (cchDest && cchSrc && (*pszSrc != '\0'))
4594 {
4595 *pszDest++= *pszSrc++;
4596 cchDest--;
4597 cchSrc--;
4598 }
4599
4600 if (cchDest == 0)
4601 {
4602 // we are going to truncate pszDest
4603 pszDest--;
4604 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4605 }
4606
4607 *pszDest= '\0';
4608 }
4609
4610 return hr;
4611 }
4612
4613 STRSAFEAPI StringCopyNWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchSrc)
4614 {
4615 HRESULT hr = S_OK;
4616
4617 if (cchDest == 0)
4618 {
4619 // can not null terminate a zero-byte dest buffer
4620 hr = STRSAFE_E_INVALID_PARAMETER;
4621 }
4622 else
4623 {
4624 while (cchDest && cchSrc && (*pszSrc != L'\0'))
4625 {
4626 *pszDest++= *pszSrc++;
4627 cchDest--;
4628 cchSrc--;
4629 }
4630
4631 if (cchDest == 0)
4632 {
4633 // we are going to truncate pszDest
4634 pszDest--;
4635 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4636 }
4637
4638 *pszDest= L'\0';
4639 }
4640
4641 return hr;
4642 }
4643
4644 STRSAFEAPI StringCopyNExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, const char* pszSrc, size_t cchSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
4645 {
4646 HRESULT hr = S_OK;
4647 char* pszDestEnd = pszDest;
4648 size_t cchRemaining = 0;
4649
4650 // ASSERT(cbDest == (cchDest * sizeof(char)) ||
4651 // cbDest == (cchDest * sizeof(char)) + (cbDest % sizeof(char)));
4652
4653 // only accept valid flags
4654 if (dwFlags & (~STRSAFE_VALID_FLAGS))
4655 {
4656 hr = STRSAFE_E_INVALID_PARAMETER;
4657 }
4658 else
4659 {
4660 if (dwFlags & STRSAFE_IGNORE_NULLS)
4661 {
4662 if (pszDest == NULL)
4663 {
4664 if ((cchDest != 0) || (cbDest != 0))
4665 {
4666 // NULL pszDest and non-zero cchDest/cbDest is invalid
4667 hr = STRSAFE_E_INVALID_PARAMETER;
4668 }
4669 }
4670
4671 if (pszSrc == NULL)
4672 {
4673 pszSrc = "";
4674 }
4675 }
4676
4677 if (SUCCEEDED(hr))
4678 {
4679 if (cchDest == 0)
4680 {
4681 pszDestEnd = pszDest;
4682 cchRemaining = 0;
4683
4684 // only fail if there was actually src data to copy
4685 if (*pszSrc != '\0')
4686 {
4687 if (pszDest == NULL)
4688 {
4689 hr = STRSAFE_E_INVALID_PARAMETER;
4690 }
4691 else
4692 {
4693 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4694 }
4695 }
4696 }
4697 else
4698 {
4699 pszDestEnd = pszDest;
4700 cchRemaining = cchDest;
4701
4702 while (cchRemaining && cchSrc && (*pszSrc != '\0'))
4703 {
4704 *pszDestEnd++= *pszSrc++;
4705 cchRemaining--;
4706 cchSrc--;
4707 }
4708
4709 if (cchRemaining > 0)
4710 {
4711 if (dwFlags & STRSAFE_FILL_BEHIND_NULL)
4712 {
4713 memset(pszDestEnd + 1, STRSAFE_GET_FILL_PATTERN(dwFlags), ((cchRemaining - 1) * sizeof(char)) + (cbDest % sizeof(char)));
4714 }
4715 }
4716 else
4717 {
4718 // we are going to truncate pszDest
4719 pszDestEnd--;
4720 cchRemaining++;
4721
4722 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4723 }
4724
4725 *pszDestEnd = '\0';
4726 }
4727 }
4728 }
4729
4730 if (FAILED(hr))
4731 {
4732 if (pszDest)
4733 {
4734 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
4735 {
4736 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
4737
4738 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
4739 {
4740 pszDestEnd = pszDest;
4741 cchRemaining = cchDest;
4742 }
4743 else if (cchDest > 0)
4744 {
4745 pszDestEnd = pszDest + cchDest - 1;
4746 cchRemaining = 1;
4747
4748 // null terminate the end of the string
4749 *pszDestEnd = '\0';
4750 }
4751 }
4752
4753 if (dwFlags & (STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION))
4754 {
4755 if (cchDest > 0)
4756 {
4757 pszDestEnd = pszDest;
4758 cchRemaining = cchDest;
4759
4760 // null terminate the beginning of the string
4761 *pszDestEnd = '\0';
4762 }
4763 }
4764 }
4765 }
4766
4767 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
4768 {
4769 if (ppszDestEnd)
4770 {
4771 *ppszDestEnd = pszDestEnd;
4772 }
4773
4774 if (pcchRemaining)
4775 {
4776 *pcchRemaining = cchRemaining;
4777 }
4778 }
4779
4780 return hr;
4781 }
4782
4783 STRSAFEAPI StringCopyNExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, const wchar_t* pszSrc, size_t cchSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
4784 {
4785 HRESULT hr = S_OK;
4786 wchar_t* pszDestEnd = pszDest;
4787 size_t cchRemaining = 0;
4788
4789 // ASSERT(cbDest == (cchDest * sizeof(wchar_t)) ||
4790 // cbDest == (cchDest * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
4791
4792 // only accept valid flags
4793 if (dwFlags & (~STRSAFE_VALID_FLAGS))
4794 {
4795 hr = STRSAFE_E_INVALID_PARAMETER;
4796 }
4797 else
4798 {
4799 if (dwFlags & STRSAFE_IGNORE_NULLS)
4800 {
4801 if (pszDest == NULL)
4802 {
4803 if ((cchDest != 0) || (cbDest != 0))
4804 {
4805 // NULL pszDest and non-zero cchDest/cbDest is invalid
4806 hr = STRSAFE_E_INVALID_PARAMETER;
4807 }
4808 }
4809
4810 if (pszSrc == NULL)
4811 {
4812 pszSrc = L"";
4813 }
4814 }
4815
4816 if (SUCCEEDED(hr))
4817 {
4818 if (cchDest == 0)
4819 {
4820 pszDestEnd = pszDest;
4821 cchRemaining = 0;
4822
4823 // only fail if there was actually src data to copy
4824 if (*pszSrc != L'\0')
4825 {
4826 if (pszDest == NULL)
4827 {
4828 hr = STRSAFE_E_INVALID_PARAMETER;
4829 }
4830 else
4831 {
4832 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4833 }
4834 }
4835 }
4836 else
4837 {
4838 pszDestEnd = pszDest;
4839 cchRemaining = cchDest;
4840
4841 while (cchRemaining && cchSrc && (*pszSrc != L'\0'))
4842 {
4843 *pszDestEnd++= *pszSrc++;
4844 cchRemaining--;
4845 cchSrc--;
4846 }
4847
4848 if (cchRemaining > 0)
4849 {
4850 if (dwFlags & STRSAFE_FILL_BEHIND_NULL)
4851 {
4852 memset(pszDestEnd + 1, STRSAFE_GET_FILL_PATTERN(dwFlags), ((cchRemaining - 1) * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
4853 }
4854 }
4855 else
4856 {
4857 // we are going to truncate pszDest
4858 pszDestEnd--;
4859 cchRemaining++;
4860
4861 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
4862 }
4863
4864 *pszDestEnd = L'\0';
4865 }
4866 }
4867 }
4868
4869 if (FAILED(hr))
4870 {
4871 if (pszDest)
4872 {
4873 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
4874 {
4875 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
4876
4877 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
4878 {
4879 pszDestEnd = pszDest;
4880 cchRemaining = cchDest;
4881 }
4882 else if (cchDest > 0)
4883 {
4884 pszDestEnd = pszDest + cchDest - 1;
4885 cchRemaining = 1;
4886
4887 // null terminate the end of the string
4888 *pszDestEnd = L'\0';
4889 }
4890 }
4891
4892 if (dwFlags & (STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION))
4893 {
4894 if (cchDest > 0)
4895 {
4896 pszDestEnd = pszDest;
4897 cchRemaining = cchDest;
4898
4899 // null terminate the beginning of the string
4900 *pszDestEnd = L'\0';
4901 }
4902 }
4903 }
4904 }
4905
4906 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
4907 {
4908 if (ppszDestEnd)
4909 {
4910 *ppszDestEnd = pszDestEnd;
4911 }
4912
4913 if (pcchRemaining)
4914 {
4915 *pcchRemaining = cchRemaining;
4916 }
4917 }
4918
4919 return hr;
4920 }
4921
4922 STRSAFEAPI StringCatWorkerA(char* pszDest, size_t cchDest, const char* pszSrc)
4923 {
4924 HRESULT hr;
4925 size_t cchDestCurrent;
4926
4927 hr = StringLengthWorkerA(pszDest, cchDest, &cchDestCurrent);
4928
4929 if (SUCCEEDED(hr))
4930 {
4931 hr = StringCopyWorkerA(pszDest + cchDestCurrent,
4932 cchDest - cchDestCurrent,
4933 pszSrc);
4934 }
4935
4936 return hr;
4937 }
4938
4939 STRSAFEAPI StringCatWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc)
4940 {
4941 HRESULT hr;
4942 size_t cchDestCurrent;
4943
4944 hr = StringLengthWorkerW(pszDest, cchDest, &cchDestCurrent);
4945
4946 if (SUCCEEDED(hr))
4947 {
4948 hr = StringCopyWorkerW(pszDest + cchDestCurrent,
4949 cchDest - cchDestCurrent,
4950 pszSrc);
4951 }
4952
4953 return hr;
4954 }
4955
4956 STRSAFEAPI StringCatExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, const char* pszSrc, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
4957 {
4958 HRESULT hr = S_OK;
4959 char* pszDestEnd = pszDest;
4960 size_t cchRemaining = 0;
4961
4962 // ASSERT(cbDest == (cchDest * sizeof(char)) ||
4963 // cbDest == (cchDest * sizeof(char)) + (cbDest % sizeof(char)));
4964
4965 // only accept valid flags
4966 if (dwFlags & (~STRSAFE_VALID_FLAGS))
4967 {
4968 hr = STRSAFE_E_INVALID_PARAMETER;
4969 }
4970 else
4971 {
4972 size_t cchDestCurrent;
4973
4974 if (dwFlags & STRSAFE_IGNORE_NULLS)
4975 {
4976 if (pszDest == NULL)
4977 {
4978 if ((cchDest == 0) && (cbDest == 0))
4979 {
4980 cchDestCurrent = 0;
4981 }
4982 else
4983 {
4984 // NULL pszDest and non-zero cchDest/cbDest is invalid
4985 hr = STRSAFE_E_INVALID_PARAMETER;
4986 }
4987 }
4988 else
4989 {
4990 hr = StringLengthWorkerA(pszDest, cchDest, &cchDestCurrent);
4991
4992 if (SUCCEEDED(hr))
4993 {
4994 pszDestEnd = pszDest + cchDestCurrent;
4995 cchRemaining = cchDest - cchDestCurrent;
4996 }
4997 }
4998
4999 if (pszSrc == NULL)
5000 {
5001 pszSrc = "";
5002 }
5003 }
5004 else
5005 {
5006 hr = StringLengthWorkerA(pszDest, cchDest, &cchDestCurrent);
5007
5008 if (SUCCEEDED(hr))
5009 {
5010 pszDestEnd = pszDest + cchDestCurrent;
5011 cchRemaining = cchDest - cchDestCurrent;
5012 }
5013 }
5014
5015 if (SUCCEEDED(hr))
5016 {
5017 if (cchDest == 0)
5018 {
5019 // only fail if there was actually src data to append
5020 if (*pszSrc != '\0')
5021 {
5022 if (pszDest == NULL)
5023 {
5024 hr = STRSAFE_E_INVALID_PARAMETER;
5025 }
5026 else
5027 {
5028 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5029 }
5030 }
5031 }
5032 else
5033 {
5034 // we handle the STRSAFE_FILL_ON_FAILURE and STRSAFE_NULL_ON_FAILURE cases below, so do not pass
5035 // those flags through
5036 hr = StringCopyExWorkerA(pszDestEnd,
5037 cchRemaining,
5038 (cchRemaining * sizeof(char)) + (cbDest % sizeof(char)),
5039 pszSrc,
5040 &pszDestEnd,
5041 &cchRemaining,
5042 dwFlags & (~(STRSAFE_FILL_ON_FAILURE | STRSAFE_NULL_ON_FAILURE)));
5043 }
5044 }
5045 }
5046
5047 if (FAILED(hr))
5048 {
5049 if (pszDest)
5050 {
5051 // STRSAFE_NO_TRUNCATION is taken care of by StringCopyExWorkerA()
5052
5053 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
5054 {
5055 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
5056
5057 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
5058 {
5059 pszDestEnd = pszDest;
5060 cchRemaining = cchDest;
5061 }
5062 else
5063 if (cchDest > 0)
5064 {
5065 pszDestEnd = pszDest + cchDest - 1;
5066 cchRemaining = 1;
5067
5068 // null terminate the end of the string
5069 *pszDestEnd = '\0';
5070 }
5071 }
5072
5073 if (dwFlags & STRSAFE_NULL_ON_FAILURE)
5074 {
5075 if (cchDest > 0)
5076 {
5077 pszDestEnd = pszDest;
5078 cchRemaining = cchDest;
5079
5080 // null terminate the beginning of the string
5081 *pszDestEnd = '\0';
5082 }
5083 }
5084 }
5085 }
5086
5087 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
5088 {
5089 if (ppszDestEnd)
5090 {
5091 *ppszDestEnd = pszDestEnd;
5092 }
5093
5094 if (pcchRemaining)
5095 {
5096 *pcchRemaining = cchRemaining;
5097 }
5098 }
5099
5100 return hr;
5101 }
5102
5103 STRSAFEAPI StringCatExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, const wchar_t* pszSrc, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
5104 {
5105 HRESULT hr = S_OK;
5106 wchar_t* pszDestEnd = pszDest;
5107 size_t cchRemaining = 0;
5108
5109 // ASSERT(cbDest == (cchDest * sizeof(wchar_t)) ||
5110 // cbDest == (cchDest * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
5111
5112 // only accept valid flags
5113 if (dwFlags & (~STRSAFE_VALID_FLAGS))
5114 {
5115 hr = STRSAFE_E_INVALID_PARAMETER;
5116 }
5117 else
5118 {
5119 size_t cchDestCurrent;
5120
5121 if (dwFlags & STRSAFE_IGNORE_NULLS)
5122 {
5123 if (pszDest == NULL)
5124 {
5125 if ((cchDest == 0) && (cbDest == 0))
5126 {
5127 cchDestCurrent = 0;
5128 }
5129 else
5130 {
5131 // NULL pszDest and non-zero cchDest/cbDest is invalid
5132 hr = STRSAFE_E_INVALID_PARAMETER;
5133 }
5134 }
5135 else
5136 {
5137 hr = StringLengthWorkerW(pszDest, cchDest, &cchDestCurrent);
5138
5139 if (SUCCEEDED(hr))
5140 {
5141 pszDestEnd = pszDest + cchDestCurrent;
5142 cchRemaining = cchDest - cchDestCurrent;
5143 }
5144 }
5145
5146 if (pszSrc == NULL)
5147 {
5148 pszSrc = L"";
5149 }
5150 }
5151 else
5152 {
5153 hr = StringLengthWorkerW(pszDest, cchDest, &cchDestCurrent);
5154
5155 if (SUCCEEDED(hr))
5156 {
5157 pszDestEnd = pszDest + cchDestCurrent;
5158 cchRemaining = cchDest - cchDestCurrent;
5159 }
5160 }
5161
5162 if (SUCCEEDED(hr))
5163 {
5164 if (cchDest == 0)
5165 {
5166 // only fail if there was actually src data to append
5167 if (*pszSrc != L'\0')
5168 {
5169 if (pszDest == NULL)
5170 {
5171 hr = STRSAFE_E_INVALID_PARAMETER;
5172 }
5173 else
5174 {
5175 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5176 }
5177 }
5178 }
5179 else
5180 {
5181 // we handle the STRSAFE_FILL_ON_FAILURE and STRSAFE_NULL_ON_FAILURE cases below, so do not pass
5182 // those flags through
5183 hr = StringCopyExWorkerW(pszDestEnd,
5184 cchRemaining,
5185 (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)),
5186 pszSrc,
5187 &pszDestEnd,
5188 &cchRemaining,
5189 dwFlags & (~(STRSAFE_FILL_ON_FAILURE | STRSAFE_NULL_ON_FAILURE)));
5190 }
5191 }
5192 }
5193
5194 if (FAILED(hr))
5195 {
5196 if (pszDest)
5197 {
5198 // STRSAFE_NO_TRUNCATION is taken care of by StringCopyExWorkerW()
5199
5200 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
5201 {
5202 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
5203
5204 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
5205 {
5206 pszDestEnd = pszDest;
5207 cchRemaining = cchDest;
5208 }
5209 else if (cchDest > 0)
5210 {
5211 pszDestEnd = pszDest + cchDest - 1;
5212 cchRemaining = 1;
5213
5214 // null terminate the end of the string
5215 *pszDestEnd = L'\0';
5216 }
5217 }
5218
5219 if (dwFlags & STRSAFE_NULL_ON_FAILURE)
5220 {
5221 if (cchDest > 0)
5222 {
5223 pszDestEnd = pszDest;
5224 cchRemaining = cchDest;
5225
5226 // null terminate the beginning of the string
5227 *pszDestEnd = L'\0';
5228 }
5229 }
5230 }
5231 }
5232
5233 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
5234 {
5235 if (ppszDestEnd)
5236 {
5237 *ppszDestEnd = pszDestEnd;
5238 }
5239
5240 if (pcchRemaining)
5241 {
5242 *pcchRemaining = cchRemaining;
5243 }
5244 }
5245
5246 return hr;
5247 }
5248
5249 STRSAFEAPI StringCatNWorkerA(char* pszDest, size_t cchDest, const char* pszSrc, size_t cchMaxAppend)
5250 {
5251 HRESULT hr;
5252 size_t cchDestCurrent;
5253
5254 hr = StringLengthWorkerA(pszDest, cchDest, &cchDestCurrent);
5255
5256 if (SUCCEEDED(hr))
5257 {
5258 hr = StringCopyNWorkerA(pszDest + cchDestCurrent,
5259 cchDest - cchDestCurrent,
5260 pszSrc,
5261 cchMaxAppend);
5262 }
5263
5264 return hr;
5265 }
5266
5267 STRSAFEAPI StringCatNWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszSrc, size_t cchMaxAppend)
5268 {
5269 HRESULT hr;
5270 size_t cchDestCurrent;
5271
5272 hr = StringLengthWorkerW(pszDest, cchDest, &cchDestCurrent);
5273
5274 if (SUCCEEDED(hr))
5275 {
5276 hr = StringCopyNWorkerW(pszDest + cchDestCurrent,
5277 cchDest - cchDestCurrent,
5278 pszSrc,
5279 cchMaxAppend);
5280 }
5281
5282 return hr;
5283 }
5284
5285 STRSAFEAPI StringCatNExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, const char* pszSrc, size_t cchMaxAppend, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
5286 {
5287 HRESULT hr = S_OK;
5288 char* pszDestEnd = pszDest;
5289 size_t cchRemaining = 0;
5290 size_t cchDestCurrent = 0;
5291
5292 // ASSERT(cbDest == (cchDest * sizeof(char)) ||
5293 // cbDest == (cchDest * sizeof(char)) + (cbDest % sizeof(char)));
5294
5295 // only accept valid flags
5296 if (dwFlags & (~STRSAFE_VALID_FLAGS))
5297 {
5298 hr = STRSAFE_E_INVALID_PARAMETER;
5299 }
5300 else
5301 {
5302 if (dwFlags & STRSAFE_IGNORE_NULLS)
5303 {
5304 if (pszDest == NULL)
5305 {
5306 if ((cchDest == 0) && (cbDest == 0))
5307 {
5308 cchDestCurrent = 0;
5309 }
5310 else
5311 {
5312 // NULL pszDest and non-zero cchDest/cbDest is invalid
5313 hr = STRSAFE_E_INVALID_PARAMETER;
5314 }
5315 }
5316 else
5317 {
5318 hr = StringLengthWorkerA(pszDest, cchDest, &cchDestCurrent);
5319
5320 if (SUCCEEDED(hr))
5321 {
5322 pszDestEnd = pszDest + cchDestCurrent;
5323 cchRemaining = cchDest - cchDestCurrent;
5324 }
5325 }
5326
5327 if (pszSrc == NULL)
5328 {
5329 pszSrc = "";
5330 }
5331 }
5332 else
5333 {
5334 hr = StringLengthWorkerA(pszDest, cchDest, &cchDestCurrent);
5335
5336 if (SUCCEEDED(hr))
5337 {
5338 pszDestEnd = pszDest + cchDestCurrent;
5339 cchRemaining = cchDest - cchDestCurrent;
5340 }
5341 }
5342
5343 if (SUCCEEDED(hr))
5344 {
5345 if (cchDest == 0)
5346 {
5347 // only fail if there was actually src data to append
5348 if (*pszSrc != '\0')
5349 {
5350 if (pszDest == NULL)
5351 {
5352 hr = STRSAFE_E_INVALID_PARAMETER;
5353 }
5354 else
5355 {
5356 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5357 }
5358 }
5359 }
5360 else
5361 {
5362 // we handle the STRSAFE_FILL_ON_FAILURE and STRSAFE_NULL_ON_FAILURE cases below, so do not pass
5363 // those flags through
5364 hr = StringCopyNExWorkerA(pszDestEnd,
5365 cchRemaining,
5366 (cchRemaining * sizeof(char)) + (cbDest % sizeof(char)),
5367 pszSrc,
5368 cchMaxAppend,
5369 &pszDestEnd,
5370 &cchRemaining,
5371 dwFlags & (~(STRSAFE_FILL_ON_FAILURE | STRSAFE_NULL_ON_FAILURE)));
5372 }
5373 }
5374 }
5375
5376 if (FAILED(hr))
5377 {
5378 if (pszDest)
5379 {
5380 // STRSAFE_NO_TRUNCATION is taken care of by StringCopyNExWorkerA()
5381
5382 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
5383 {
5384 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
5385
5386 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
5387 {
5388 pszDestEnd = pszDest;
5389 cchRemaining = cchDest;
5390 }
5391 else if (cchDest > 0)
5392 {
5393 pszDestEnd = pszDest + cchDest - 1;
5394 cchRemaining = 1;
5395
5396 // null terminate the end of the string
5397 *pszDestEnd = '\0';
5398 }
5399 }
5400
5401 if (dwFlags & (STRSAFE_NULL_ON_FAILURE))
5402 {
5403 if (cchDest > 0)
5404 {
5405 pszDestEnd = pszDest;
5406 cchRemaining = cchDest;
5407
5408 // null terminate the beginning of the string
5409 *pszDestEnd = '\0';
5410 }
5411 }
5412 }
5413 }
5414
5415 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
5416 {
5417 if (ppszDestEnd)
5418 {
5419 *ppszDestEnd = pszDestEnd;
5420 }
5421
5422 if (pcchRemaining)
5423 {
5424 *pcchRemaining = cchRemaining;
5425 }
5426 }
5427
5428 return hr;
5429 }
5430
5431 STRSAFEAPI StringCatNExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, const wchar_t* pszSrc, size_t cchMaxAppend, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
5432 {
5433 HRESULT hr = S_OK;
5434 wchar_t* pszDestEnd = pszDest;
5435 size_t cchRemaining = 0;
5436 size_t cchDestCurrent = 0;
5437
5438
5439 // ASSERT(cbDest == (cchDest * sizeof(wchar_t)) ||
5440 // cbDest == (cchDest * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
5441
5442 // only accept valid flags
5443 if (dwFlags & (~STRSAFE_VALID_FLAGS))
5444 {
5445 hr = STRSAFE_E_INVALID_PARAMETER;
5446 }
5447 else
5448 {
5449 if (dwFlags & STRSAFE_IGNORE_NULLS)
5450 {
5451 if (pszDest == NULL)
5452 {
5453 if ((cchDest == 0) && (cbDest == 0))
5454 {
5455 cchDestCurrent = 0;
5456 }
5457 else
5458 {
5459 // NULL pszDest and non-zero cchDest/cbDest is invalid
5460 hr = STRSAFE_E_INVALID_PARAMETER;
5461 }
5462 }
5463 else
5464 {
5465 hr = StringLengthWorkerW(pszDest, cchDest, &cchDestCurrent);
5466
5467 if (SUCCEEDED(hr))
5468 {
5469 pszDestEnd = pszDest + cchDestCurrent;
5470 cchRemaining = cchDest - cchDestCurrent;
5471 }
5472 }
5473
5474 if (pszSrc == NULL)
5475 {
5476 pszSrc = L"";
5477 }
5478 }
5479 else
5480 {
5481 hr = StringLengthWorkerW(pszDest, cchDest, &cchDestCurrent);
5482
5483 if (SUCCEEDED(hr))
5484 {
5485 pszDestEnd = pszDest + cchDestCurrent;
5486 cchRemaining = cchDest - cchDestCurrent;
5487 }
5488 }
5489
5490 if (SUCCEEDED(hr))
5491 {
5492 if (cchDest == 0)
5493 {
5494 // only fail if there was actually src data to append
5495 if (*pszSrc != L'\0')
5496 {
5497 if (pszDest == NULL)
5498 {
5499 hr = STRSAFE_E_INVALID_PARAMETER;
5500 }
5501 else
5502 {
5503 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5504 }
5505 }
5506 }
5507 else
5508 {
5509 // we handle the STRSAFE_FILL_ON_FAILURE and STRSAFE_NULL_ON_FAILURE cases below, so do not pass
5510 // those flags through
5511 hr = StringCopyNExWorkerW(pszDestEnd,
5512 cchRemaining,
5513 (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)),
5514 pszSrc,
5515 cchMaxAppend,
5516 &pszDestEnd,
5517 &cchRemaining,
5518 dwFlags & (~(STRSAFE_FILL_ON_FAILURE | STRSAFE_NULL_ON_FAILURE)));
5519 }
5520 }
5521 }
5522
5523 if (FAILED(hr))
5524 {
5525 if (pszDest)
5526 {
5527 // STRSAFE_NO_TRUNCATION is taken care of by StringCopyNExWorkerW()
5528
5529 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
5530 {
5531 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
5532
5533 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
5534 {
5535 pszDestEnd = pszDest;
5536 cchRemaining = cchDest;
5537 }
5538 else if (cchDest > 0)
5539 {
5540 pszDestEnd = pszDest + cchDest - 1;
5541 cchRemaining = 1;
5542
5543 // null terminate the end of the string
5544 *pszDestEnd = L'\0';
5545 }
5546 }
5547
5548 if (dwFlags & (STRSAFE_NULL_ON_FAILURE))
5549 {
5550 if (cchDest > 0)
5551 {
5552 pszDestEnd = pszDest;
5553 cchRemaining = cchDest;
5554
5555 // null terminate the beginning of the string
5556 *pszDestEnd = L'\0';
5557 }
5558 }
5559 }
5560 }
5561
5562 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
5563 {
5564 if (ppszDestEnd)
5565 {
5566 *ppszDestEnd = pszDestEnd;
5567 }
5568
5569 if (pcchRemaining)
5570 {
5571 *pcchRemaining = cchRemaining;
5572 }
5573 }
5574
5575 return hr;
5576 }
5577
5578 STRSAFEAPI StringVPrintfWorkerA(char* pszDest, size_t cchDest, const char* pszFormat, va_list argList)
5579 {
5580 HRESULT hr = S_OK;
5581
5582 if (cchDest == 0)
5583 {
5584 // can not null terminate a zero-byte dest buffer
5585 hr = STRSAFE_E_INVALID_PARAMETER;
5586 }
5587 else
5588 {
5589 int iRet;
5590 size_t cchMax;
5591
5592 // leave the last space for the null terminator
5593 cchMax = cchDest - 1;
5594
5595 iRet = _vsnprintf(pszDest, cchMax, pszFormat, argList);
5596 // ASSERT((iRet < 0) || (((size_t)iRet) <= cchMax));
5597
5598 if ((iRet < 0) || (((size_t)iRet) > cchMax))
5599 {
5600 // need to null terminate the string
5601 pszDest += cchMax;
5602 *pszDest = '\0';
5603
5604 // we have truncated pszDest
5605 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5606 }
5607 else if (((size_t)iRet) == cchMax)
5608 {
5609 // need to null terminate the string
5610 pszDest += cchMax;
5611 *pszDest = '\0';
5612 }
5613 }
5614
5615 return hr;
5616 }
5617
5618 STRSAFEAPI StringVPrintfWorkerW(wchar_t* pszDest, size_t cchDest, const wchar_t* pszFormat, va_list argList)
5619 {
5620 HRESULT hr = S_OK;
5621
5622 if (cchDest == 0)
5623 {
5624 // can not null terminate a zero-byte dest buffer
5625 hr = STRSAFE_E_INVALID_PARAMETER;
5626 }
5627 else
5628 {
5629 int iRet;
5630 size_t cchMax;
5631
5632 // leave the last space for the null terminator
5633 cchMax = cchDest - 1;
5634
5635 iRet = _vsnwprintf(pszDest, cchMax, pszFormat, argList);
5636 // ASSERT((iRet < 0) || (((size_t)iRet) <= cchMax));
5637
5638 if ((iRet < 0) || (((size_t)iRet) > cchMax))
5639 {
5640 // need to null terminate the string
5641 pszDest += cchMax;
5642 *pszDest = L'\0';
5643
5644 // we have truncated pszDest
5645 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5646 }
5647 else if (((size_t)iRet) == cchMax)
5648 {
5649 // need to null terminate the string
5650 pszDest += cchMax;
5651 *pszDest = L'\0';
5652 }
5653 }
5654
5655 return hr;
5656 }
5657
5658 STRSAFEAPI StringVPrintfExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const char* pszFormat, va_list argList)
5659 {
5660 HRESULT hr = S_OK;
5661 char* pszDestEnd = pszDest;
5662 size_t cchRemaining = 0;
5663
5664 // ASSERT(cbDest == (cchDest * sizeof(char)) ||
5665 // cbDest == (cchDest * sizeof(char)) + (cbDest % sizeof(char)));
5666
5667 // only accept valid flags
5668 if (dwFlags & (~STRSAFE_VALID_FLAGS))
5669 {
5670 hr = STRSAFE_E_INVALID_PARAMETER;
5671 }
5672 else
5673 {
5674 if (dwFlags & STRSAFE_IGNORE_NULLS)
5675 {
5676 if (pszDest == NULL)
5677 {
5678 if ((cchDest != 0) || (cbDest != 0))
5679 {
5680 // NULL pszDest and non-zero cchDest/cbDest is invalid
5681 hr = STRSAFE_E_INVALID_PARAMETER;
5682 }
5683 }
5684
5685 if (pszFormat == NULL)
5686 {
5687 pszFormat = "";
5688 }
5689 }
5690
5691 if (SUCCEEDED(hr))
5692 {
5693 if (cchDest == 0)
5694 {
5695 pszDestEnd = pszDest;
5696 cchRemaining = 0;
5697
5698 // only fail if there was actually a non-empty format string
5699 if (*pszFormat != '\0')
5700 {
5701 if (pszDest == NULL)
5702 {
5703 hr = STRSAFE_E_INVALID_PARAMETER;
5704 }
5705 else
5706 {
5707 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5708 }
5709 }
5710 }
5711 else
5712 {
5713 int iRet;
5714 size_t cchMax;
5715
5716 // leave the last space for the null terminator
5717 cchMax = cchDest - 1;
5718
5719 iRet = _vsnprintf(pszDest, cchMax, pszFormat, argList);
5720 // ASSERT((iRet < 0) || (((size_t)iRet) <= cchMax));
5721
5722 if ((iRet < 0) || (((size_t)iRet) > cchMax))
5723 {
5724 // we have truncated pszDest
5725 pszDestEnd = pszDest + cchMax;
5726 cchRemaining = 1;
5727
5728 // need to null terminate the string
5729 *pszDestEnd = '\0';
5730
5731 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5732 }
5733 else if (((size_t)iRet) == cchMax)
5734 {
5735 // string fit perfectly
5736 pszDestEnd = pszDest + cchMax;
5737 cchRemaining = 1;
5738
5739 // need to null terminate the string
5740 *pszDestEnd = '\0';
5741 }
5742 else if (((size_t)iRet) < cchMax)
5743 {
5744 // there is extra room
5745 pszDestEnd = pszDest + iRet;
5746 cchRemaining = cchDest - iRet;
5747
5748 if (dwFlags & STRSAFE_FILL_BEHIND_NULL)
5749 {
5750 memset(pszDestEnd + 1, STRSAFE_GET_FILL_PATTERN(dwFlags), ((cchRemaining - 1) * sizeof(char)) + (cbDest % sizeof(char)));
5751 }
5752 }
5753 }
5754 }
5755 }
5756
5757 if (FAILED(hr))
5758 {
5759 if (pszDest)
5760 {
5761 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
5762 {
5763 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
5764
5765 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
5766 {
5767 pszDestEnd = pszDest;
5768 cchRemaining = cchDest;
5769 }
5770 else if (cchDest > 0)
5771 {
5772 pszDestEnd = pszDest + cchDest - 1;
5773 cchRemaining = 1;
5774
5775 // null terminate the end of the string
5776 *pszDestEnd = '\0';
5777 }
5778 }
5779
5780 if (dwFlags & (STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION))
5781 {
5782 if (cchDest > 0)
5783 {
5784 pszDestEnd = pszDest;
5785 cchRemaining = cchDest;
5786
5787 // null terminate the beginning of the string
5788 *pszDestEnd = '\0';
5789 }
5790 }
5791 }
5792 }
5793
5794 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
5795 {
5796 if (ppszDestEnd)
5797 {
5798 *ppszDestEnd = pszDestEnd;
5799 }
5800
5801 if (pcchRemaining)
5802 {
5803 *pcchRemaining = cchRemaining;
5804 }
5805 }
5806
5807 return hr;
5808 }
5809
5810 STRSAFEAPI StringVPrintfExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags, const wchar_t* pszFormat, va_list argList)
5811 {
5812 HRESULT hr = S_OK;
5813 wchar_t* pszDestEnd = pszDest;
5814 size_t cchRemaining = 0;
5815
5816 // ASSERT(cbDest == (cchDest * sizeof(wchar_t)) ||
5817 // cbDest == (cchDest * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
5818
5819 // only accept valid flags
5820 if (dwFlags & (~STRSAFE_VALID_FLAGS))
5821 {
5822 hr = STRSAFE_E_INVALID_PARAMETER;
5823 }
5824 else
5825 {
5826 if (dwFlags & STRSAFE_IGNORE_NULLS)
5827 {
5828 if (pszDest == NULL)
5829 {
5830 if ((cchDest != 0) || (cbDest != 0))
5831 {
5832 // NULL pszDest and non-zero cchDest/cbDest is invalid
5833 hr = STRSAFE_E_INVALID_PARAMETER;
5834 }
5835 }
5836
5837 if (pszFormat == NULL)
5838 {
5839 pszFormat = L"";
5840 }
5841 }
5842
5843 if (SUCCEEDED(hr))
5844 {
5845 if (cchDest == 0)
5846 {
5847 pszDestEnd = pszDest;
5848 cchRemaining = 0;
5849
5850 // only fail if there was actually a non-empty format string
5851 if (*pszFormat != L'\0')
5852 {
5853 if (pszDest == NULL)
5854 {
5855 hr = STRSAFE_E_INVALID_PARAMETER;
5856 }
5857 else
5858 {
5859 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5860 }
5861 }
5862 }
5863 else
5864 {
5865 int iRet;
5866 size_t cchMax;
5867
5868 // leave the last space for the null terminator
5869 cchMax = cchDest - 1;
5870
5871 iRet = _vsnwprintf(pszDest, cchMax, pszFormat, argList);
5872 // ASSERT((iRet < 0) || (((size_t)iRet) <= cchMax));
5873
5874 if ((iRet < 0) || (((size_t)iRet) > cchMax))
5875 {
5876 // we have truncated pszDest
5877 pszDestEnd = pszDest + cchMax;
5878 cchRemaining = 1;
5879
5880 // need to null terminate the string
5881 *pszDestEnd = L'\0';
5882
5883 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
5884 }
5885 else if (((size_t)iRet) == cchMax)
5886 {
5887 // string fit perfectly
5888 pszDestEnd = pszDest + cchMax;
5889 cchRemaining = 1;
5890
5891 // need to null terminate the string
5892 *pszDestEnd = L'\0';
5893 }
5894 else if (((size_t)iRet) < cchMax)
5895 {
5896 // there is extra room
5897 pszDestEnd = pszDest + iRet;
5898 cchRemaining = cchDest - iRet;
5899
5900 if (dwFlags & STRSAFE_FILL_BEHIND_NULL)
5901 {
5902 memset(pszDestEnd + 1, STRSAFE_GET_FILL_PATTERN(dwFlags), ((cchRemaining - 1) * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
5903 }
5904 }
5905 }
5906 }
5907 }
5908
5909 if (FAILED(hr))
5910 {
5911 if (pszDest)
5912 {
5913 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
5914 {
5915 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
5916
5917 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
5918 {
5919 pszDestEnd = pszDest;
5920 cchRemaining = cchDest;
5921 }
5922 else if (cchDest > 0)
5923 {
5924 pszDestEnd = pszDest + cchDest - 1;
5925 cchRemaining = 1;
5926
5927 // null terminate the end of the string
5928 *pszDestEnd = L'\0';
5929 }
5930 }
5931
5932 if (dwFlags & (STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION))
5933 {
5934 if (cchDest > 0)
5935 {
5936 pszDestEnd = pszDest;
5937 cchRemaining = cchDest;
5938
5939 // null terminate the beginning of the string
5940 *pszDestEnd = L'\0';
5941 }
5942 }
5943 }
5944 }
5945
5946 if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER))
5947 {
5948 if (ppszDestEnd)
5949 {
5950 *ppszDestEnd = pszDestEnd;
5951 }
5952
5953 if (pcchRemaining)
5954 {
5955 *pcchRemaining = cchRemaining;
5956 }
5957 }
5958
5959 return hr;
5960 }
5961
5962 STRSAFEAPI StringLengthWorkerA(const char* psz, size_t cchMax, size_t* pcch)
5963 {
5964 HRESULT hr = S_OK;
5965 size_t cchMaxPrev = cchMax;
5966
5967 while (cchMax && (*psz != '\0'))
5968 {
5969 psz++;
5970 cchMax--;
5971 }
5972
5973 if (cchMax == 0)
5974 {
5975 // the string is longer than cchMax
5976 hr = STRSAFE_E_INVALID_PARAMETER;
5977 }
5978
5979 if (SUCCEEDED(hr) && pcch)
5980 {
5981 *pcch = cchMaxPrev - cchMax;
5982 }
5983
5984 return hr;
5985 }
5986
5987 STRSAFEAPI StringLengthWorkerW(const wchar_t* psz, size_t cchMax, size_t* pcch)
5988 {
5989 HRESULT hr = S_OK;
5990 size_t cchMaxPrev = cchMax;
5991
5992 while (cchMax && (*psz != L'\0'))
5993 {
5994 psz++;
5995 cchMax--;
5996 }
5997
5998 if (cchMax == 0)
5999 {
6000 // the string is longer than cchMax
6001 hr = STRSAFE_E_INVALID_PARAMETER;
6002 }
6003
6004 if (SUCCEEDED(hr) && pcch)
6005 {
6006 *pcch = cchMaxPrev - cchMax;
6007 }
6008
6009 return hr;
6010 }
6011 #endif // STRSAFE_INLINE
6012
6013 #ifndef STRSAFE_LIB_IMPL
6014 STRSAFE_INLINE_API StringGetsExWorkerA(char* pszDest, size_t cchDest, size_t cbDest, char** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
6015 {
6016 HRESULT hr = S_OK;
6017 char* pszDestEnd = pszDest;
6018 size_t cchRemaining = 0;
6019
6020 // ASSERT(cbDest == (cchDest * sizeof(char)) ||
6021 // cbDest == (cchDest * sizeof(char)) + (cbDest % sizeof(char)));
6022
6023 // only accept valid flags
6024 if (dwFlags & (~STRSAFE_VALID_FLAGS))
6025 {
6026 hr = STRSAFE_E_INVALID_PARAMETER;
6027 }
6028 else
6029 {
6030 if (dwFlags & STRSAFE_IGNORE_NULLS)
6031 {
6032 if (pszDest == NULL)
6033 {
6034 if ((cchDest != 0) || (cbDest != 0))
6035 {
6036 // NULL pszDest and non-zero cchDest/cbDest is invalid
6037 hr = STRSAFE_E_INVALID_PARAMETER;
6038 }
6039 }
6040 }
6041
6042 if (SUCCEEDED(hr))
6043 {
6044 if (cchDest <= 1)
6045 {
6046 pszDestEnd = pszDest;
6047 cchRemaining = cchDest;
6048
6049 if (cchDest == 1)
6050 {
6051 *pszDestEnd = '\0';
6052 }
6053
6054 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
6055 }
6056 else
6057 {
6058 char ch;
6059
6060 pszDestEnd = pszDest;
6061 cchRemaining = cchDest;
6062
6063 while ((cchRemaining > 1) && (ch = (char)getc(stdin)) != '\n')
6064 {
6065 if (ch == EOF)
6066 {
6067 if (pszDestEnd == pszDest)
6068 {
6069 // we failed to read anything from stdin
6070 hr = STRSAFE_E_END_OF_FILE;
6071 }
6072 break;
6073 }
6074
6075 *pszDestEnd = ch;
6076
6077 pszDestEnd++;
6078 cchRemaining--;
6079 }
6080
6081 if (cchRemaining > 0)
6082 {
6083 // there is extra room
6084 if (dwFlags & STRSAFE_FILL_BEHIND_NULL)
6085 {
6086 memset(pszDestEnd + 1, STRSAFE_GET_FILL_PATTERN(dwFlags), ((cchRemaining - 1) * sizeof(char)) + (cbDest % sizeof(char)));
6087 }
6088 }
6089
6090 *pszDestEnd = '\0';
6091 }
6092 }
6093 }
6094
6095 if (FAILED(hr))
6096 {
6097 if (pszDest)
6098 {
6099 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
6100 {
6101 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
6102
6103 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
6104 {
6105 pszDestEnd = pszDest;
6106 cchRemaining = cchDest;
6107 }
6108 else if (cchDest > 0)
6109 {
6110 pszDestEnd = pszDest + cchDest - 1;
6111 cchRemaining = 1;
6112
6113 // null terminate the end of the string
6114 *pszDestEnd = '\0';
6115 }
6116 }
6117
6118 if (dwFlags & (STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION))
6119 {
6120 if (cchDest > 0)
6121 {
6122 pszDestEnd = pszDest;
6123 cchRemaining = cchDest;
6124
6125 // null terminate the beginning of the string
6126 *pszDestEnd = '\0';
6127 }
6128 }
6129 }
6130 }
6131
6132 if (SUCCEEDED(hr) ||
6133 (hr == STRSAFE_E_INSUFFICIENT_BUFFER) ||
6134 (hr == STRSAFE_E_END_OF_FILE))
6135 {
6136 if (ppszDestEnd)
6137 {
6138 *ppszDestEnd = pszDestEnd;
6139 }
6140
6141 if (pcchRemaining)
6142 {
6143 *pcchRemaining = cchRemaining;
6144 }
6145 }
6146
6147 return hr;
6148 }
6149
6150 STRSAFE_INLINE_API StringGetsExWorkerW(wchar_t* pszDest, size_t cchDest, size_t cbDest, wchar_t** ppszDestEnd, size_t* pcchRemaining, unsigned long dwFlags)
6151 {
6152 HRESULT hr = S_OK;
6153 wchar_t* pszDestEnd = pszDest;
6154 size_t cchRemaining = 0;
6155
6156 // ASSERT(cbDest == (cchDest * sizeof(char)) ||
6157 // cbDest == (cchDest * sizeof(char)) + (cbDest % sizeof(char)));
6158
6159 // only accept valid flags
6160 if (dwFlags & (~STRSAFE_VALID_FLAGS))
6161 {
6162 hr = STRSAFE_E_INVALID_PARAMETER;
6163 }
6164 else
6165 {
6166 if (dwFlags & STRSAFE_IGNORE_NULLS)
6167 {
6168 if (pszDest == NULL)
6169 {
6170 if ((cchDest != 0) || (cbDest != 0))
6171 {
6172 // NULL pszDest and non-zero cchDest/cbDest is invalid
6173 hr = STRSAFE_E_INVALID_PARAMETER;
6174 }
6175 }
6176 }
6177
6178 if (SUCCEEDED(hr))
6179 {
6180 if (cchDest <= 1)
6181 {
6182 pszDestEnd = pszDest;
6183 cchRemaining = cchDest;
6184
6185 if (cchDest == 1)
6186 {
6187 *pszDestEnd = L'\0';
6188 }
6189
6190 hr = STRSAFE_E_INSUFFICIENT_BUFFER;
6191 }
6192 else
6193 {
6194 wchar_t ch;
6195
6196 pszDestEnd = pszDest;
6197 cchRemaining = cchDest;
6198
6199 while ((cchRemaining > 1) && (ch = (wchar_t)getwc(stdin)) != L'\n')
6200 {
6201 if (ch == EOF)
6202 {
6203 if (pszDestEnd == pszDest)
6204 {
6205 // we failed to read anything from stdin
6206 hr = STRSAFE_E_END_OF_FILE;
6207 }
6208 break;
6209 }
6210
6211 *pszDestEnd = ch;
6212
6213 pszDestEnd++;
6214 cchRemaining--;
6215 }
6216
6217 if (cchRemaining > 0)
6218 {
6219 // there is extra room
6220 if (dwFlags & STRSAFE_FILL_BEHIND_NULL)
6221 {
6222 memset(pszDestEnd + 1, STRSAFE_GET_FILL_PATTERN(dwFlags), ((cchRemaining - 1) * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t)));
6223 }
6224 }
6225
6226 *pszDestEnd = L'\0';
6227 }
6228 }
6229 }
6230
6231 if (FAILED(hr))
6232 {
6233 if (pszDest)
6234 {
6235 if (dwFlags & STRSAFE_FILL_ON_FAILURE)
6236 {
6237 memset(pszDest, STRSAFE_GET_FILL_PATTERN(dwFlags), cbDest);
6238
6239 if (STRSAFE_GET_FILL_PATTERN(dwFlags) == 0)
6240 {
6241 pszDestEnd = pszDest;
6242 cchRemaining = cchDest;
6243 }
6244 else if (cchDest > 0)
6245 {
6246 pszDestEnd = pszDest + cchDest - 1;
6247 cchRemaining = 1;
6248
6249 // null terminate the end of the string
6250 *pszDestEnd = L'\0';
6251 }
6252 }
6253
6254 if (dwFlags & (STRSAFE_NULL_ON_FAILURE | STRSAFE_NO_TRUNCATION))
6255 {
6256 if (cchDest > 0)
6257 {
6258 pszDestEnd = pszDest;
6259 cchRemaining = cchDest;
6260
6261 // null terminate the beginning of the string
6262 *pszDestEnd = L'\0';
6263 }
6264 }
6265 }
6266 }
6267
6268 if (SUCCEEDED(hr) ||
6269 (hr == STRSAFE_E_INSUFFICIENT_BUFFER) ||
6270 (hr == STRSAFE_E_END_OF_FILE))
6271 {
6272 if (ppszDestEnd)
6273 {
6274 *ppszDestEnd = pszDestEnd;
6275 }
6276
6277 if (pcchRemaining)
6278 {
6279 *pcchRemaining = cchRemaining;
6280 }
6281 }
6282
6283 return hr;
6284 }
6285 #endif // !STRSAFE_LIB_IMPL
6286
6287
6288 // Do not call these functions, they are worker functions for internal use within this file
6289 #ifdef DEPRECATE_SUPPORTED
6290 #pragma deprecated(StringCopyWorkerA)
6291 #pragma deprecated(StringCopyWorkerW)
6292 #pragma deprecated(StringCopyExWorkerA)
6293 #pragma deprecated(StringCopyExWorkerW)
6294 #pragma deprecated(StringCatWorkerA)
6295 #pragma deprecated(StringCatWorkerW)
6296 #pragma deprecated(StringCatExWorkerA)
6297 #pragma deprecated(StringCatExWorkerW)
6298 #pragma deprecated(StringCatNWorkerA)
6299 #pragma deprecated(StringCatNWorkerW)
6300 #pragma deprecated(StringCatNExWorkerA)
6301 #pragma deprecated(StringCatNExWorkerW)
6302 #pragma deprecated(StringVPrintfWorkerA)
6303 #pragma deprecated(StringVPrintfWorkerW)
6304 #pragma deprecated(StringVPrintfExWorkerA)
6305 #pragma deprecated(StringVPrintfExWorkerW)
6306 #pragma deprecated(StringLengthWorkerA)
6307 #pragma deprecated(StringLengthWorkerW)
6308 #else
6309 #define StringCopyWorkerA StringCopyWorkerA_instead_use_StringCchCopyA_or_StringCchCopyExA;
6310 #define StringCopyWorkerW StringCopyWorkerW_instead_use_StringCchCopyW_or_StringCchCopyExW;
6311 #define StringCopyExWorkerA StringCopyExWorkerA_instead_use_StringCchCopyA_or_StringCchCopyExA;
6312 #define StringCopyExWorkerW StringCopyExWorkerW_instead_use_StringCchCopyW_or_StringCchCopyExW;
6313 #define StringCatWorkerA StringCatWorkerA_instead_use_StringCchCatA_or_StringCchCatExA;
6314 #define StringCatWorkerW StringCatWorkerW_instead_use_StringCchCatW_or_StringCchCatExW;
6315 #define StringCatExWorkerA StringCatExWorkerA_instead_use_StringCchCatA_or_StringCchCatExA;
6316 #define StringCatExWorkerW StringCatExWorkerW_instead_use_StringCchCatW_or_StringCchCatExW;
6317 #define StringCatNWorkerA StringCatNWorkerA_instead_use_StringCchCatNA_or_StrincCbCatNA;
6318 #define StringCatNWorkerW StringCatNWorkerW_instead_use_StringCchCatNW_or_StringCbCatNW;
6319 #define StringCatNExWorkerA StringCatNExWorkerA_instead_use_StringCchCatNExA_or_StringCbCatNExA;
6320 #define StringCatNExWorkerW StringCatNExWorkerW_instead_use_StringCchCatNExW_or_StringCbCatNExW;
6321 #define StringVPrintfWorkerA StringVPrintfWorkerA_instead_use_StringCchVPrintfA_or_StringCchVPrintfExA;
6322 #define StringVPrintfWorkerW StringVPrintfWorkerW_instead_use_StringCchVPrintfW_or_StringCchVPrintfExW;
6323 #define StringVPrintfExWorkerA StringVPrintfExWorkerA_instead_use_StringCchVPrintfA_or_StringCchVPrintfExA;
6324 #define StringVPrintfExWorkerW StringVPrintfExWorkerW_instead_use_StringCchVPrintfW_or_StringCchVPrintfExW;
6325 #define StringLengthWorkerA StringLengthWorkerA_instead_use_StringCchLengthA_or_StringCbLengthA;
6326 #define StringLengthWorkerW StringLengthWorkerW_instead_use_StringCchLengthW_or_StringCbLengthW;
6327 #endif // !DEPRECATE_SUPPORTED
6328
6329
6330 #ifndef STRSAFE_NO_DEPRECATE
6331 // Deprecate all of the unsafe functions to generate compiletime errors. If you do not want
6332 // this then you can #define STRSAFE_NO_DEPRECATE before including this file.
6333 #ifdef DEPRECATE_SUPPORTED
6334
6335 // First all the names that are a/w variants (or shouldn't be #defined by now anyway).
6336 #pragma deprecated(lstrcpyA)
6337 #pragma deprecated(lstrcpyW)
6338 #pragma deprecated(lstrcatA)
6339 #pragma deprecated(lstrcatW)
6340 #pragma deprecated(wsprintfA)
6341 #pragma deprecated(wsprintfW)
6342
6343 #pragma deprecated(StrCpyW)
6344 #pragma deprecated(StrCatW)
6345 #pragma deprecated(StrNCatA)
6346 #pragma deprecated(StrNCatW)
6347 #pragma deprecated(StrCatNA)
6348 #pragma deprecated(StrCatNW)
6349 #pragma deprecated(wvsprintfA)
6350 #pragma deprecated(wvsprintfW)
6351
6352 #pragma deprecated(strcpy)
6353 #pragma deprecated(wcscpy)
6354 #pragma deprecated(strcat)
6355 #pragma deprecated(wcscat)
6356 #pragma deprecated(sprintf)
6357 #pragma deprecated(swprintf)
6358 #pragma deprecated(vsprintf)
6359 #pragma deprecated(vswprintf)
6360 #pragma deprecated(_snprintf)
6361 #pragma deprecated(_snwprintf)
6362 #pragma deprecated(_vsnprintf)
6363 #pragma deprecated(_vsnwprintf)
6364 #pragma deprecated(gets)
6365 #pragma deprecated(_getws)
6366
6367 // Then all the windows.h names - we need to undef and redef based on UNICODE setting
6368 #undef lstrcpy
6369 #undef lstrcat
6370 #undef wsprintf
6371 #undef wvsprintf
6372 #pragma deprecated(lstrcpy)
6373 #pragma deprecated(lstrcat)
6374 #pragma deprecated(wsprintf)
6375 #pragma deprecated(wvsprintf)
6376 #ifdef UNICODE
6377 #define lstrcpy lstrcpyW
6378 #define lstrcat lstrcatW
6379 #define wsprintf wsprintfW
6380 #define wvsprintf wvsprintfW
6381 #else
6382 #define lstrcpy lstrcpyA
6383 #define lstrcat lstrcatA
6384 #define wsprintf wsprintfA
6385 #define wvsprintf wvsprintfA
6386 #endif
6387
6388 // Then the shlwapi names - they key off UNICODE also.
6389 #undef StrCpyA
6390 #undef StrCpy
6391 #undef StrCatA
6392 #undef StrCat
6393 #undef StrNCat
6394 #undef StrCatN
6395 #pragma deprecated(StrCpyA)
6396 #pragma deprecated(StrCatA)
6397 #pragma deprecated(StrCatN)
6398 #pragma deprecated(StrCpy)
6399 #pragma deprecated(StrCat)
6400 #pragma deprecated(StrNCat)
6401 #define StrCpyA lstrcpyA
6402 #define StrCatA lstrcatA
6403 #define StrCatN StrNCat
6404 #ifdef UNICODE
6405 #define StrCpy StrCpyW
6406 #define StrCat StrCatW
6407 #define StrNCat StrNCatW
6408 #else
6409 #define StrCpy lstrcpyA
6410 #define StrCat lstrcatA
6411 #define StrNCat StrNCatA
6412 #endif
6413
6414 // Then all the CRT names - we need to undef/redef based on _UNICODE value.
6415 #undef _tcscpy
6416 #undef _ftcscpy
6417 #undef _tcscat
6418 #undef _ftcscat
6419 #undef _stprintf
6420 #undef _sntprintf
6421 #undef _vstprintf
6422 #undef _vsntprintf
6423 #undef _getts
6424 #pragma deprecated(_tcscpy)
6425 #pragma deprecated(_ftcscpy)
6426 #pragma deprecated(_tcscat)
6427 #pragma deprecated(_ftcscat)
6428 #pragma deprecated(_stprintf)
6429 #pragma deprecated(_sntprintf)
6430 #pragma deprecated(_vstprintf)
6431 #pragma deprecated(_vsntprintf)
6432 #pragma deprecated(_getts)
6433 #ifdef _UNICODE
6434 #define _tcscpy wcscpy
6435 #define _ftcscpy wcscpy
6436 #define _tcscat wcscat
6437 #define _ftcscat wcscat
6438 #define _stprintf swprintf
6439 #define _sntprintf _snwprintf
6440 #define _vstprintf vswprintf
6441 #define _vsntprintf _vsnwprintf
6442 #define _getts _getws
6443 #else
6444 #define _tcscpy strcpy
6445 #define _ftcscpy strcpy
6446 #define _tcscat strcat
6447 #define _ftcscat strcat
6448 #define _stprintf sprintf
6449 #define _sntprintf _snprintf
6450 #define _vstprintf vsprintf
6451 #define _vsntprintf _vsnprintf
6452 #define _getts gets
6453 #endif
6454
6455 #else // DEPRECATE_SUPPORTED
6456
6457 #undef strcpy
6458 #define strcpy strcpy_instead_use_StringCbCopyA_or_StringCchCopyA;
6459
6460 #undef wcscpy
6461 #define wcscpy wcscpy_instead_use_StringCbCopyW_or_StringCchCopyW;
6462
6463 #undef strcat
6464 #define strcat strcat_instead_use_StringCbCatA_or_StringCchCatA;
6465
6466 #undef wcscat
6467 #define wcscat wcscat_instead_use_StringCbCatW_or_StringCchCatW;
6468
6469 #undef sprintf
6470 #define sprintf sprintf_instead_use_StringCbPrintfA_or_StringCchPrintfA;
6471
6472 #undef swprintf
6473 #define swprintf swprintf_instead_use_StringCbPrintfW_or_StringCchPrintfW;
6474
6475 #undef vsprintf
6476 #define vsprintf vsprintf_instead_use_StringCbVPrintfA_or_StringCchVPrintfA;
6477
6478 #undef vswprintf
6479 #define vswprintf vswprintf_instead_use_StringCbVPrintfW_or_StringCchVPrintfW;
6480
6481 #undef _snprintf
6482 #define _snprintf _snprintf_instead_use_StringCbPrintfA_or_StringCchPrintfA;
6483
6484 #undef _snwprintf
6485 #define _snwprintf _snwprintf_instead_use_StringCbPrintfW_or_StringCchPrintfW;
6486
6487 #undef _vsnprintf
6488 #define _vsnprintf _vsnprintf_instead_use_StringCbVPrintfA_or_StringCchVPrintfA;
6489
6490 #undef _vsnwprintf
6491 #define _vsnwprintf _vsnwprintf_instead_use_StringCbVPrintfW_or_StringCchVPrintfW;
6492
6493 #undef strcpyA
6494 #define strcpyA strcpyA_instead_use_StringCbCopyA_or_StringCchCopyA;
6495
6496 #undef strcpyW
6497 #define strcpyW strcpyW_instead_use_StringCbCopyW_or_StringCchCopyW;
6498
6499 #undef lstrcpy
6500 #define lstrcpy lstrcpy_instead_use_StringCbCopy_or_StringCchCopy;
6501
6502 #undef lstrcpyA
6503 #define lstrcpyA lstrcpyA_instead_use_StringCbCopyA_or_StringCchCopyA;
6504
6505 #undef lstrcpyW
6506 #define lstrcpyW lstrcpyW_instead_use_StringCbCopyW_or_StringCchCopyW;
6507
6508 #undef StrCpy
6509 #define StrCpy StrCpy_instead_use_StringCbCopy_or_StringCchCopy;
6510
6511 #undef StrCpyA
6512 #define StrCpyA StrCpyA_instead_use_StringCbCopyA_or_StringCchCopyA;
6513
6514 #undef StrCpyW
6515 #define StrCpyW StrCpyW_instead_use_StringCbCopyW_or_StringCchCopyW;
6516
6517 #undef _tcscpy
6518 #define _tcscpy _tcscpy_instead_use_StringCbCopy_or_StringCchCopy;
6519
6520 #undef _ftcscpy
6521 #define _ftcscpy _ftcscpy_instead_use_StringCbCopy_or_StringCchCopy;
6522
6523 #undef lstrcat
6524 #define lstrcat lstrcat_instead_use_StringCbCat_or_StringCchCat;
6525
6526 #undef lstrcatA
6527 #define lstrcatA lstrcatA_instead_use_StringCbCatA_or_StringCchCatA;
6528
6529 #undef lstrcatW
6530 #define lstrcatW lstrcatW_instead_use_StringCbCatW_or_StringCchCatW;
6531
6532 #undef StrCat
6533 #define StrCat StrCat_instead_use_StringCbCat_or_StringCchCat;
6534
6535 #undef StrCatA
6536 #define StrCatA StrCatA_instead_use_StringCbCatA_or_StringCchCatA;
6537
6538 #undef StrCatW
6539 #define StrCatW StrCatW_instead_use_StringCbCatW_or_StringCchCatW;
6540
6541 #undef StrNCat
6542 #define StrNCat StrNCat_instead_use_StringCbCatN_or_StringCchCatN;
6543
6544 #undef StrNCatA
6545 #define StrNCatA StrNCatA_instead_use_StringCbCatNA_or_StringCchCatNA;
6546
6547 #undef StrNCatW
6548 #define StrNCatW StrNCatW_instead_use_StringCbCatNW_or_StringCchCatNW;
6549
6550 #undef StrCatN
6551 #define StrCatN StrCatN_instead_use_StringCbCatN_or_StringCchCatN;
6552
6553 #undef StrCatNA
6554 #define StrCatNA StrCatNA_instead_use_StringCbCatNA_or_StringCchCatNA;
6555
6556 #undef StrCatNW
6557 #define StrCatNW StrCatNW_instead_use_StringCbCatNW_or_StringCchCatNW;
6558
6559 #undef _tcscat
6560 #define _tcscat _tcscat_instead_use_StringCbCat_or_StringCchCat;
6561
6562 #undef _ftcscat
6563 #define _ftcscat _ftcscat_instead_use_StringCbCat_or_StringCchCat;
6564
6565 #undef wsprintf
6566 #define wsprintf wsprintf_instead_use_StringCbPrintf_or_StringCchPrintf;
6567
6568 #undef wsprintfA
6569 #define wsprintfA wsprintfA_instead_use_StringCbPrintfA_or_StringCchPrintfA;
6570
6571 #undef wsprintfW
6572 #define wsprintfW wsprintfW_instead_use_StringCbPrintfW_or_StringCchPrintfW;
6573
6574 #undef wvsprintf
6575 #define wvsprintf wvsprintf_instead_use_StringCbVPrintf_or_StringCchVPrintf;
6576
6577 #undef wvsprintfA
6578 #define wvsprintfA wvsprintfA_instead_use_StringCbVPrintfA_or_StringCchVPrintfA;
6579
6580 #undef wvsprintfW
6581 #define wvsprintfW wvsprintfW_instead_use_StringCbVPrintfW_or_StringCchVPrintfW;
6582
6583 #undef _vstprintf
6584 #define _vstprintf _vstprintf_instead_use_StringCbVPrintf_or_StringCchVPrintf;
6585
6586 #undef _vsntprintf
6587 #define _vsntprintf _vsntprintf_instead_use_StringCbVPrintf_or_StringCchVPrintf;
6588
6589 #undef _stprintf
6590 #define _stprintf _stprintf_instead_use_StringCbPrintf_or_StringCchPrintf;
6591
6592 #undef _sntprintf
6593 #define _sntprintf _sntprintf_instead_use_StringCbPrintf_or_StringCchPrintf;
6594
6595 #undef _getts
6596 #define _getts _getts_instead_use_StringCbGets_or_StringCchGets;
6597
6598 #undef gets
6599 #define gets _gets_instead_use_StringCbGetsA_or_StringCchGetsA;
6600
6601 #undef _getws
6602 #define _getws _getws_instead_use_StringCbGetsW_or_StringCchGetsW;
6603
6604 #endif // !DEPRECATE_SUPPORTED
6605 #endif // !STRSAFE_NO_DEPRECATE
6606
6607 #ifdef _NTSTRSAFE_H_INCLUDED_
6608 #pragma warning(pop)
6609 #endif // _NTSTRSAFE_H_INCLUDED_
6610
6611 #endif // _STRSAFE_H_INCLUDED_