writing to c_str() - secure?

Discussion regarding the development of CEGUI itself - as opposed to questions about CEGUI usage that should be in the help forums.

Moderators: CEGUI MVP, CEGUI Team

User avatar
tb77
Just popping in
Just popping in
Posts: 7
Joined: Sat Oct 15, 2005 21:50

writing to c_str() - secure?

Postby tb77 » Thu Feb 09, 2006 03:35

for example:
-----
float Spinner::getValueFromText(void) const
{
// handle empty case
if (d_editbox->getText().empty())
{
return 0.0f;
}

int res, tmp;
uint utmp;
float val;

switch (d_inputMode)
{
case FloatingPoint:
res = sprintf_s(d_editbox->getText().c_str(), d_editbox->getText().max_size(), "%f", &val);
-----

writes to c_str(). if i replace sprintf with sprintf_s, what should i use as size? d_editbox->getText().max_size() ?

(i'am "porting" the 0.41 source to vc8)
best regards,
thomas

User avatar
CrazyEddie
CEGUI Project Lead
Posts: 6760
Joined: Wed Jan 12, 2005 12:06
Location: England
Contact:

Re: writing to c_str() - secure?

Postby CrazyEddie » Thu Feb 09, 2006 09:31

Unfortunately you can't write to the buffer returned from CEGUI::String::c_str - it's const. And also, it's not the actual buffer where the string data is stored; so even if you could write to it, the actual string content would not be updated.

The 'best' way to achieve the desired result using these types of functions is to use a temporary char array, then assign this to the CEGUI::String afterwards.

HTH

CE.

User avatar
tb77
Just popping in
Just popping in
Posts: 7
Joined: Sat Oct 15, 2005 21:50

Postby tb77 » Sat Feb 11, 2006 18:00

sorry my fault, i mixed some code up with "find & replace" - so sprinf_s should be sscanf_s ....

thomas


Return to “CEGUI Library Development Discussion”

Who is online

Users browsing this forum: No registered users and 5 guests