RtlStringCbCatExW - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTSTRSAFE_H_INCLUDED_
#ifndef NTSTRSAFE_LIB_IMPL
#ifndef NTSTRSAFE_NO_CB_FUNCTIONS
NTSTRSAFEDDI
RtlStringCbCatExW(
_Inout_updates_bytes_(cbDest) _Always_(_Post_z_) NTSTRSAFE_PWSTR pszDest,
_In_ size_t cbDest,
_In_ NTSTRSAFE_PCWSTR pszSrc,
_Outptr_opt_result_bytebuffer_(*pcbRemaining) NTSTRSAFE_PWSTR* ppszDestEnd,
_Out_opt_ size_t* pcbRemaining,
_In_ DWORD dwFlags)
{
NTSTATUS status;
size_t cchDest = cbDest / sizeof(wchar_t);
size_t cchDestLength;
status = RtlStringExValidateDestAndLengthW(pszDest,
cchDest,
&cchDestLength,
NTSTRSAFE_MAX_CCH,
dwFlags);
if (NT_SUCCESS(status))
{
NTSTRSAFE_PWSTR pszDestEnd = pszDest + cchDestLength;
size_t cchRemaining = cchDest - cchDestLength;
status = RtlStringExValidateSrcW(&pszSrc, NULL, NTSTRSAFE_MAX_CCH, dwFlags);
if (NT_SUCCESS(status))
{
if (dwFlags & (~STRSAFE_VALID_FLAGS))
{
status = STATUS_INVALID_PARAMETER;
}
else if (cchRemaining <= 1)
{
// only fail if there was actually src data to append
if (*pszSrc != L'\0')
{
if (pszDest == NULL)
{
status = STATUS_INVALID_PARAMETER;
}
else
{
status = STATUS_BUFFER_OVERFLOW;
}
}
}
else
{
size_t cchCopied = 0;
status = RtlStringCopyWorkerW(pszDestEnd,
cchRemaining,
&cchCopied,
pszSrc,
NTSTRSAFE_MAX_LENGTH);
pszDestEnd = pszDestEnd + cchCopied;
cchRemaining = cchRemaining - cchCopied;
if (NT_SUCCESS(status) && (dwFlags & STRSAFE_FILL_BEHIND_NULL))
{
size_t cbRemaining;
// safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < NTSTRSAFE_MAX_CCH and sizeof(wchar_t) is 2
cbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
// handle the STRSAFE_FILL_BEHIND_NULL flag
RtlStringExHandleFillBehindNullW(pszDestEnd, cbRemaining, dwFlags);
}
}
}
if (!NT_SUCCESS(status) &&
(dwFlags & (STRSAFE_NO_TRUNCATION | STRSAFE_FILL_ON_FAILURE | STRSAFE_NULL_ON_FAILURE)) &&
(cbDest != 0))
{
// handle the STRSAFE_FILL_ON_FAILURE, STRSAFE_NULL_ON_FAILURE, and STRSAFE_NO_TRUNCATION flags
RtlStringExHandleOtherFlagsW(pszDest,
cbDest,
cchDestLength,
&pszDestEnd,
&cchRemaining,
dwFlags);
}
if (NT_SUCCESS(status) || (status == STATUS_BUFFER_OVERFLOW))
{
if (ppszDestEnd)
{
*ppszDestEnd = pszDestEnd;
}
if (pcbRemaining)
{
// safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < NTSTRSAFE_MAX_CCH and sizeof(wchar_t) is 2
*pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
}
}
}
return status;
}
View code on GitHub// ntstrsafe.h
NTSTRSAFEDDI RtlStringCbCatExW(
[in, out, optional] NTSTRSAFE_PWSTR pszDest,
[in] size_t cbDest,
[in, optional] NTSTRSAFE_PCWSTR pszSrc,
[out, optional] NTSTRSAFE_PWSTR *ppszDestEnd,
[out, optional] size_t *pcbRemaining,
[in] DWORD dwFlags
);
View the official Windows Driver Kit DDI referenceNo description available.
The RtlStringCbCatExW and RtlStringCbCatExA functions concatenate two byte-counted strings.
pszDest [in, out, optional]A pointer to a buffer which, on input, contains a null-terminated string to which pszSrc will be concatenated. On output, this is the destination buffer that contains the entire resultant string. The string at pszSrc is added to the end of the string at pszDest and terminated with a null character. The pszDest pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
cbDest [in]The size of the destination buffer, in bytes. The buffer must be large enough to include both strings and the terminating null character.
For Unicode strings, the maximum number of bytes is NTSTRSAFE_MAX_CCH * sizeof(WCHAR)
For ANSI strings, the maximum number of bytes is NTSTRSAFE_MAX_CCH * sizeof(char)
pszSrc [in, optional]A pointer to a null-terminated string. This string will be concatenated to the end of the string that is contained in the buffer at pszDest. The pszSrc pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
ppszDestEnd [out, optional]If the caller supplies a non-NULL address pointer, then after the concatenation operation completes, the function loads that address with a pointer to the destination buffer's resulting NULL string terminator.
pcbRemaining [out, optional]If the caller supplies a non-NULL address pointer, the function loads the address with the number of unused bytes that are in the buffer pointed to by pszDest, including bytes used for the terminating null character.
dwFlags [in]One or more flags and, optionally, a fill byte. The flags are defined as follows:
| Value | Meaning |
|---|---|
| STRSAFE_FILL_BEHIND_NULL | If this flag is set and the function succeeds, the low byte of dwFlags is used to fill the portion of the destination buffer that follows the terminating null character. |
| STRSAFE_IGNORE_NULLS | If this flag is set, either pszDest or pszSrc, or both, can be NULL. NULL pszSrc pointers are treated like empty strings (TEXT("")), which can be copied. NULL pszDest pointers cannot receive nonempty strings. |
| STRSAFE_FILL_ON_FAILURE | If this flag is set and the function fails, the low byte of dwFlags is used to fill the entire destination buffer, and the buffer is null-terminated. This operation overwrites any preexisting buffer contents. |
| STRSAFE_NULL_ON_FAILURE | If this flag is set and the function fails, the destination buffer is set to an empty string (TEXT("")). This operation overwrites any preexisting buffer contents. |
| STRSAFE_NO_TRUNCATION | If this flag is set and the function returns STATUS_BUFFER_OVERFLOW: * If STRSAFE_FILL_ON_FAILURE is also specified, STRSAFE_NO_TRUNCATION fills the destination buffer accordingly. * Otherwise, the destination buffer will be unmodified. |
The function returns one of the NTSTATUS values that are listed in the following table. For information about how to test NTSTATUS values, see Using NTSTATUS Values.
| Return code | Description |
|---|---|
| STATUS_SUCCESS | This success status means source data was present, the strings were fully concatenated without truncation, and the resultant destination buffer is null-terminated. |
| STATUS_BUFFER_OVERFLOW | This warning status means the copy operation did not complete due to insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set, see the dwFlags parameter for more information. |
| STATUS_INVALID_PARAMETER | This error status means the function received an invalid input parameter. For more information, see the following paragraph. The function returns the STATUS_INVALID_PARAMETER when: * An invalid flag was specified. * The value in cbDest is larger than the maximum buffer size. * The destination buffer was already full. * A NULL pointer was present without the STRSAFE_IGNORE_NULLS flag. * The destination buffer pointer was NULL, but the buffer size was not zero. * The destination buffer pointer was NULL, or its length was zero, but a nonzero length source string was present. |
RtlStringCbCatExW and RtlStringCbCatExA should be used instead of the following functions.
Because RtlStringCbCatExW and RtlStringCbCatExAreceive the size of the destination buffer as input, they will not write past the end of the buffer.
RtlStringCbCatEx adds to the functionality of RtlStringCbCat by returning a pointer to the end of the destination string, as well as the number of bytes left unused in that string. Flags can also be passed to the function for additional control.
Use RtlStringCbCatExW to handle Unicode strings and RtlStringCbCatExA to handle ANSI strings. The form to use is determined by your data, as shown in the following table.
| String data type | String literal | Function |
|---|---|---|
| WCHAR | L"string" | RtlStringCbCatExW |
| char | "string" | RtlStringCbCatExA |
If pszSrc and pszDest point to overlapping strings, the behavior of the function is undefined.
Neither pszSrc nor pszDest can be NULL unless the STRSAFE_IGNORE_NULLS flag is set, in which case either or both can be NULL. If pszDest is NULL, pszSrc must either be NULL or point to an empty string.
For more information about the safe string functions, see Using safe string functions.