Security notes on memcpy_s

errno_t memcpy_s( void *restrict dest, rsize_t destsz,
                  const void *restrict src, rsize_t count );
(2) (since C11)
     
1) Copies count characters from the object pointed to by src to the object pointed to by dest. Both objects are interpreted as arrays of unsigned char.
The behavior is undefined if access occurs beyond the end of the dest array. If the objects overlap (which is a violation of the restrict contract) (since C99), the behavior is undefined. The behavior is undefined if either dest or src is a null pointer.
2) Same as (1), except that the following errors are detected at runtime and cause the entire destination range [dest, dest+destsz) to be zeroed out (if both dest and destsz are valid), as well as call the currently installed constraint handler function:
  • dest or src is a null pointer
  • destsz or count is greater than RSIZE_MAX
  • count is greater than destsz (buffer overflow would occur)
  • the source and the destination objects overlap
The behavior is undefined if the size of the character array pointed to by dest < count <= destsz; in other words, an erroneous value of destsz does not expose the impending buffer overflow.
As with all bounds-checked functions, memcpy_s is only guaranteed to be available if __STDC_LIB_EXT1__ is defined by the implementation and if the user defines __STDC_WANT_LIB_EXT1__ to the integer constant 1 before including string.h.

Parameters

dest - pointer to the object to copy to
destsz - max number of bytes to modify in the destination (typically the size of the destination object)
src - pointer to the object to copy from
count - number of bytes to copy

Return value

1) Returns a copy of dest
2) Returns zero on success and a non-zero value on error. Also on error, if dest is not a null pointer and destsz is valid, writes destsz zero bytes into the destination array.
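
The runtime checks listed for form (2), written out as an added example; this is not code from the original page or from any C library. `checked_copy`, `demo` and `DEMO_RSIZE_MAX` are hypothetical names, the overlap test assumes a flat address space, and the constraint handler call is omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: stand-in for RSIZE_MAX, whose value is implementation-defined. */
#define DEMO_RSIZE_MAX (SIZE_MAX >> 1)

/* Hypothetical helper, not a library function: applies the runtime checks
 * listed for form (2). Returns 0 on success, non-zero on error. */
int checked_copy(void *dest, size_t destsz, const void *src, size_t count)
{
    /* Without a valid dest and destsz there is nothing safe to zero. */
    if (dest == NULL || destsz > DEMO_RSIZE_MAX)
        return 1;

    int bad = (src == NULL) || (count > DEMO_RSIZE_MAX) || (count > destsz);
    if (!bad) {
        /* Overlap of the count bytes read and the count bytes written,
         * compared as integer addresses (flat address space assumed). */
        uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;
        bad = (d > s) ? (d - s < count) : (s - d < count);
    }
    if (bad) {
        memset(dest, 0, destsz);  /* zero [dest, dest+destsz) on error */
        return 1;
    }
    memcpy(dest, src, count);
    return 0;
}

/* Constructed inputs. Returns a bitmask: bit 0 = in-bounds copy succeeded,
 * bit 1 = oversized count rejected and dest zeroed, bit 2 = overlap rejected. */
int demo(void)
{
    static const char zeros[8] = {0};
    const char src[16] = "0123456789abcde";
    char dst[8];
    char buf[16] = "overlapping....";
    int r = 0;
    if (checked_copy(dst, sizeof dst, src, 8) == 0 && memcmp(dst, src, 8) == 0)
        r |= 1;
    /* destsz is sizeof dst; an overstated destsz would let this through. */
    if (checked_copy(dst, sizeof dst, src, sizeof src) != 0 &&
        memcmp(dst, zeros, sizeof dst) == 0)
        r |= 2;
    if (checked_copy(buf + 2, 8, buf, 8) != 0)
        r |= 4;
    return r;
}
```

Passing `sizeof` of the real destination array as destsz is what makes the count check meaningful; a destsz taken from untrusted input or from the source length defeats it.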
