I am trying to update some “legacy” code to match the latest security updates for MSVC, and am encountering some migration problems from _vsnprintfbefore _vsnprintf_s.
In particular, I called _vsnprintfwith zero buffer and zero for count / length, getting the result, allocating the buffer of the required size ( return value + 1), and then again calling _vsnprintfwith the newly allocated buffer and the known correct size:
size_t length = _vsntprintf(nullptr, 0, mask, params);
TCHAR *final = new TCHAR [length + 1];
_vsntprintf(final, length + 1, mask, params);
This behavior is documented on MSDN :
If the buffer size specified by the counter is not large enough to contain the output specified in the format and argptr, the vsnprintf return value is the number of characters that would be written if the number was large enough. If the return value is greater than count-1, the output has been truncated.
I am trying to do the same with _vsnprintf_s, but its documentation does not contain the same . Instead he says
If the storage required for data storage and the trailing zero exceeds sizeOfBuffer, an invalid parameter handler is called, as described in Parametric verification, if the counter is not _TRUNCATE, in which case most of the line that will be buffered is written and -1.
Try the following in any case:
size_t length = _vsntprintf_s(nullptr, 0, 0, mask, params);
"" . _TRUNCATE (-1) , :
: buffer!= nullptr && & buffer_count > 0
, _set_invalid_parameter_handler - , , ?