RtlStringCbCopyNExA - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTSTRSAFE_H_INCLUDED_
#ifndef NTSTRSAFE_LIB_IMPL
#ifndef NTSTRSAFE_NO_CB_FUNCTIONS
/*++
NTSTATUS
RtlStringCbCopyNEx(
_Out_writes_bytes_(cbDest) LPTSTR pszDest OPTIONAL,
_In_ size_t cbDest,
_In_ LPCTSTR pszSrc OPTIONAL,
_In_ size_t cbToCopy,
_Outptr_opt_result_bytebuffer_(*pcbRemaining) LPTSTR* ppszDestEnd OPTIONAL,
_Out_opt_ size_t* pcbRemaining OPTIONAL,
_In_ DWORD dwFlags
);
Routine Description:
This routine is a safer version of the C built-in function 'strncpy' with
some additional parameters. In addition to functionality provided by
RtlStringCbCopyN, this routine also returns a pointer to the end of the
destination string and the number of bytes left in the destination string
including the null terminator. The flags parameter allows additional controls.
This routine is meant as a replacement for strncpy, but it does behave
differently. This function will not pad the destination buffer with extra
null termination characters if cbToCopy is greater than the size of pszSrc.
Arguments:
pszDest - destination string
cbDest - size of destination buffer in bytes.
length must be ((_tcslen(pszSrc) + 1) * sizeof(TCHAR)) to
hold all of the source including the null terminator
pszSrc - source string
cbToCopy - maximum number of bytes to copy from source string
ppszDestEnd - if ppszDestEnd is non-null, the function will return a
pointer to the end of the destination string. If the
function copied any data, the result will point to the
null termination character
pcbRemaining - pcbRemaining is non-null,the function will return the
number of bytes left in the destination string,
including the null terminator
dwFlags - controls some details of the string copy:
STRSAFE_FILL_BEHIND_NULL
if the function succeeds, the low byte of dwFlags will be
used to fill the uninitialize part of destination buffer
behind the null terminator
STRSAFE_IGNORE_NULLS
treat NULL string pointers like empty strings (TEXT("")).
this flag is useful for emulating functions like lstrcpy
STRSAFE_FILL_ON_FAILURE
if the function fails, the low byte of dwFlags will be
used to fill all of the destination buffer, and it will
be null terminated. This will overwrite any truncated
string returned when the failure is
STATUS_BUFFER_OVERFLOW
STRSAFE_NO_TRUNCATION /
STRSAFE_NULL_ON_FAILURE
if the function fails, the destination buffer will be set
to the empty string. This will overwrite any truncated string
returned when the failure is STATUS_BUFFER_OVERFLOW.
Notes:
Behavior is undefined if source and destination strings overlap.
pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
may be NULL. An error may still be returned even though NULLS are ignored
due to insufficient space.
Return Value:
STATUS_SUCCESS - if there was source data and it was all copied and the
resultant dest string was null terminated
failure - you can use the macro NTSTATUS_CODE() to get a win32
error code for all hresult failure cases
STATUS_BUFFER_OVERFLOW /
NTSTATUS_CODE(status) == ERROR_INSUFFICIENT_BUFFER
- this return value is an indication that the copy
operation failed due to insufficient space. When this
error occurs, the destination buffer is modified to
contain a truncated version of the ideal result and is
null terminated. This is useful for situations where
truncation is ok.
It is strongly recommended to use the NT_SUCCESS() macro to test the
return value of this function
--*/
NTSTRSAFEDDI
RtlStringCbCopyNExA(
_Out_writes_bytes_(cbDest) NTSTRSAFE_PSTR pszDest,
_In_ size_t cbDest,
_In_reads_bytes_(cbToCopy) STRSAFE_PCNZCH pszSrc,
_In_ size_t cbToCopy,
_Outptr_opt_result_bytebuffer_(*pcbRemaining) NTSTRSAFE_PSTR* ppszDestEnd,
_Out_opt_ size_t* pcbRemaining,
_In_ DWORD dwFlags)
{
NTSTATUS status;
size_t cchDest = cbDest / sizeof(char);
status = RtlStringExValidateDestA(pszDest, cchDest, NTSTRSAFE_MAX_CCH, dwFlags);
if (NT_SUCCESS(status))
{
NTSTRSAFE_PSTR pszDestEnd = pszDest;
size_t cchRemaining = cchDest;
size_t cchToCopy = cbToCopy / sizeof(char);
status = RtlStringExValidateSrcA(&pszSrc, &cchToCopy, NTSTRSAFE_MAX_CCH, dwFlags);
if (NT_SUCCESS(status))
{
if (dwFlags & (~STRSAFE_VALID_FLAGS))
{
status = STATUS_INVALID_PARAMETER;
if (cchDest != 0)
{
*pszDest = '\0';
}
}
else if (cchDest == 0)
{
// only fail if there was actually src data to copy
if ((cchToCopy != 0) && (*pszSrc != '\0'))
{
if (pszDest == NULL)
{
status = STATUS_INVALID_PARAMETER;
}
else
{
status = STATUS_BUFFER_OVERFLOW;
}
}
else
{
// for consistency with other use in this case...
__analysis_assume_nullterminated(pszDest);
}
}
else
{
size_t cchCopied = 0;
status = RtlStringCopyWorkerA(pszDest,
cchDest,
&cchCopied,
pszSrc,
cchToCopy);
pszDestEnd = pszDest + cchCopied;
cchRemaining = cchDest - cchCopied;
if (NT_SUCCESS(status) &&
(dwFlags & STRSAFE_FILL_BEHIND_NULL) &&
(cchRemaining > 1))
{
size_t cbRemaining;
// safe to multiply cchRemaining * sizeof(char) since cchRemaining < NTSTRSAFE_MAX_CCH and sizeof(char) is 1
cbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
// handle the STRSAFE_FILL_BEHIND_NULL flag
RtlStringExHandleFillBehindNullA(pszDestEnd, cbRemaining, dwFlags);
}
}
}
else
{
if (cchDest != 0)
{
*pszDest = '\0';
}
}
if (!NT_SUCCESS(status) &&
(dwFlags & (STRSAFE_NO_TRUNCATION | STRSAFE_FILL_ON_FAILURE | STRSAFE_NULL_ON_FAILURE)) &&
(cbDest != 0))
{
// handle the STRSAFE_FILL_ON_FAILURE, STRSAFE_NULL_ON_FAILURE, and STRSAFE_NO_TRUNCATION flags
RtlStringExHandleOtherFlagsA(pszDest,
cbDest,
0,
&pszDestEnd,
&cchRemaining,
dwFlags);
}
if (NT_SUCCESS(status) || (status == STATUS_BUFFER_OVERFLOW))
{
if (ppszDestEnd)
{
*ppszDestEnd = pszDestEnd;
}
if (pcbRemaining)
{
// safe to multiply cchRemaining * sizeof(char) since cchRemaining < NTSTRSAFE_MAX_CCH and sizeof(char) is 1
*pcbRemaining = (cchRemaining * sizeof(char)) + (cbDest % sizeof(char));
}
}
}
return status;
}
View code on GitHub// ntstrsafe.h
NTSTRSAFEDDI RtlStringCbCopyNExA(
[out, optional] NTSTRSAFE_PSTR pszDest,
[in] size_t cbDest,
[in, optional] STRSAFE_PCNZCH pszSrc,
size_t cbToCopy,
[out, optional] NTSTRSAFE_PSTR *ppszDestEnd,
[out, optional] size_t *pcbRemaining,
[in] DWORD dwFlags
);
View the official Windows Driver Kit DDI referenceNo description available.
The RtlStringCbCopyNExW and RtlStringCbCopyNExA functions copy a byte-counted string to a buffer while limiting the size of the copied string.
pszDest [out, optional]A pointer to a caller-supplied buffer that receives the copied string. The string at pszSrc is copied to the buffer at pszDest and terminated with a null character. The pszDest pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
cbDest [in]The size, in bytes, of the destination buffer. The buffer must be large enough for the string and the terminating null character.
For Unicode strings, the maximum number of bytes is NTSTRSAFE_MAX_CCH * sizeof(WCHAR)
For ANSI strings, the maximum number of bytes is NTSTRSAFE_MAX_CCH * sizeof(char)
If pszDest is NULL, cbDest must be zero.
pszSrc [in, optional]A pointer to a caller-supplied, null-terminated string. The pszSrc pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
cbToCopyThe maximum number of bytes to copy from pszSrc to pszDest.
ppszDestEnd [out, optional]If the caller supplies a non-NULL address pointer then, after the copy operation completes, the function loads that address with a pointer to the destination buffer's resulting null string terminator.
pcbRemaining [out, optional]If the caller supplies a non-NULL address pointer, the function loads the address with the number of unused bytes that are in the buffer pointed to by pszDest, including those bytes used for the terminating null character.
dwFlags [in]One or more flags and, optionally, a fill byte. The flags are defined as follows:
| Value | Meaning |
|---|---|
| STRSAFE_FILL_BEHIND_NULL | If this flag is set and the function succeeds, the low byte of dwFlags is used to fill the portion of the destination buffer that follows the terminating null character. |
| STRSAFE_IGNORE_NULLS | If this flag is set, either pszDest or pszSrc, or both, can be NULL. NULL pszSrc pointers are treated like empty strings (TEXT("")), which can be copied. NULL pszDest pointers cannot receive nonempty strings. |
| STRSAFE_FILL_ON_FAILURE | If this flag is set and the function fails, the low byte of dwFlags is used to fill the entire destination buffer, and the buffer is null-terminated. This operation overwrites any preexisting buffer contents. |
| STRSAFE_NULL_ON_FAILURE | If this flag is set and the function fails, the destination buffer is set to an empty string (TEXT("")). This operation overwrites any preexisting buffer contents. |
| STRSAFE_NO_TRUNCATION | If this flag is set and the function returns STATUS_BUFFER_OVERFLOW: * If STRSAFE_FILL_ON_FAILURE is also specified, STRSAFE_NO_TRUNCATION fills the destination buffer accordingly. * Otherwise, the contents of the destination buffer will be set to an empty string, even if STRSAFE_NULL_ON_FAILURE is not set. STRSAFE_FILL_BEHIND_NULL is ignored. |
The function returns one of the NTSTATUS values that are listed in the following table. For information about how to test NTSTATUS values, see Using NTSTATUS Values.
| Return code | Description |
|---|---|
| STATUS_SUCCESS | This success status means source data was present, the string was copied without truncation, and the resultant destination buffer is null-terminated. |
| STATUS_BUFFER_OVERFLOW | This warning status means the copy operation did not complete due to insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set, see the dwFlags parameter for more information. |
| STATUS_INVALID_PARAMETER | This error status means the function received an invalid input parameter. For more information, see the following paragraph. The function returns the STATUS_INVALID_PARAMETER value when: * An invalid flag was specified. * The value in cbDest is larger than the maximum buffer size. * The destination buffer was already full. * A NULL pointer was present without the STRSAFE_IGNORE_NULLS flag. * The destination buffer pointer was NULL, but the buffer size was not zero. * The destination buffer pointer was NULL, or its length was zero, but a nonzero length source string was present. |
RtlStringCbCopyNExW and RtlStringCbCopyNExA should be used instead of strncpy. However, these functions differ in behavior. If cbSrc is larger than the number of bytes in pszSrc, the RtlStringCbCopyNEx functions, unlike strncpy, do not fill pszDest with null characters until cbSrc bytes have been copied.
The size, in bytes, of the destination buffer is provided to RtlStringCbCopyNExW and RtlStringCbCopyNExA to ensure that they do not write past the end of this buffer.
RtlStringCbCopyNEx adds to the functionality of RtlStringCbCopyN by returning a pointer to the end of the destination string as well as the number of bytes left unused in that string. Flags may also be passed to the function for additional control.
Use RtlStringCbCopyNExW to handle Unicode strings and RtlStringCbCopyNExA to handle ANSI strings. The form you use depends on your data, as shown in the following table.
| String data type | String literal | Function |
|---|---|---|
| WCHAR | L"string" | RtlStringCbCopyNExW |
| char | "string" | RtlStringCbCopyNExA |
If pszSrc and pszDest point to overlapping strings, the behavior of the function is undefined.
Neither pszSrc nor pszDest can be NULL unless the STRSAFE_IGNORE_NULLS flag is set, in which case either or both can be NULL. If pszDest is NULL, pszSrc must either be NULL or point to an empty string.
For more information about the safe string functions, see Using safe string functions.