
writing to c_str() - secure?

Posted: Thu Feb 09, 2006 03:35
by tb77
for example:
-----
float Spinner::getValueFromText(void) const
{
    // handle empty case
    if (d_editbox->getText().empty())
    {
        return 0.0f;
    }

    int res, tmp;
    uint utmp;
    float val;

    switch (d_inputMode)
    {
    case FloatingPoint:
        res = sprintf_s(d_editbox->getText().c_str(), d_editbox->getText().max_size(), "%f", &val);
-----

writes to c_str(). If I replace sprintf with sprintf_s, what should I use as size? d_editbox->getText().max_size()?

(I'm "porting" the 0.41 source to vc8)
best regards,
thomas

Re: writing to c_str() - secure?

Posted: Thu Feb 09, 2006 09:31
by CrazyEddie
Unfortunately you can't write to the buffer returned from CEGUI::String::c_str - it's const. And also, it's not the actual buffer where the string data is stored; so even if you could write to it, the actual string content would not be updated.

The 'best' way to achieve the desired result using these types of functions is to use a temporary char array, then assign this to the CEGUI::String afterwards.

HTH

CE.

Posted: Sat Feb 11, 2006 18:00
by tb77
Sorry, my fault, I mixed some code up with "find & replace" - so sprintf_s should be sscanf_s ....

thomas
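
The two directions discussed in this thread, as an added example that is not part of the original posts or the CEGUI source: formatting goes through a bounded temporary char array that is then assigned to the string, while parsing only reads from c_str(). Assumptions: std::string stands in for CEGUI::String, standard snprintf/sscanf stand in for the MSVC-specific sprintf_s/sscanf_s, and formatValue/parseValue are hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>

// Writing direction: never write through c_str(). Format into a bounded
// temporary buffer, check for truncation, then assign to the string.
std::string formatValue(float val)
{
    char buf[64];  // size of the temporary array, not the string's max_size()
    int n = std::snprintf(buf, sizeof buf, "%f", val);
    if (n < 0 || static_cast<std::size_t>(n) >= sizeof buf)
        throw std::length_error("formatted value does not fit in buffer");
    return std::string(buf, static_cast<std::size_t>(n));
}

// Reading direction: c_str() is a const source for sscanf, which is safe.
// %n records how many characters were consumed so trailing junk is rejected.
bool parseValue(const std::string& text, float& out)
{
    if (text.empty())  // same empty-case handling as the posted function
    {
        out = 0.0f;
        return true;
    }
    float tmp = 0.0f;
    int consumed = 0;
    if (std::sscanf(text.c_str(), "%f%n", &tmp, &consumed) != 1)
        return false;  // no number at the start of the text
    if (static_cast<std::size_t>(consumed) != text.size())
        return false;  // e.g. "1.5abc"
    out = tmp;
    return true;
}

int main()
{
    float v = 0.0f;
    std::string s = formatValue(1.5f);
    bool ok = parseValue(s, v);
    std::printf("%s -> %s %f\n", s.c_str(), ok ? "ok" : "fail", v);
    return ok ? 0 : 1;
}
```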