Not understanding why I'm getting error message

Question

I coded this program and I been looking on it for the last two hours before coming here. I get the error message Function or variable unsafe consider using strcpy_s my book says nothing about strcpy_s. Maybe a fresh set of eye's will see what I don't see. here is the code I wrote

  #include "stdafx.h"
  #include <iostream>
  #include <iomanip>
  #include <string>


  using namespace std;

  class HotelRoom
  {
   private:
char room_no [3];
char* guest;
int capacity;
int occupancy;
double rate;
 public:
HotelRoom(char room[],int, double = 89.00, char* n_p = 0, int= 0);
~HotelRoom();
void Display_get_number();
void Display_guest();
int get_capacity();
int get_status();
double get_rate();
void change_rate(double);
bool change_status(int);

};  
 HotelRoom::HotelRoom (char room[], int cap, double rt, char*n_p, int occup)
{
strcpy(room_no, room);
guest = new char[strlen(n_p) + 1];
strcpy(guest, n_p);
capacity = cap;
    occupancy = occup;
rate = rt;
cout << " defaut for the following " << room << endl << endl;
cout << " Capacity " << capacity << endl <<  endl;
cout << " rate " << rate << endl <<  endl;
cout << " Room Guest " << guest << endl << endl;
cout << " Occupancy " << occupancy <<  endl << endl;

  }
  HotelRoom::~HotelRoom()
  {
cout << "\nHotelRoom " << room_no <<" terminated. ";
delete [] guest;
  }
  void HotelRoom::Display_get_number()
  {
cout << room_no;
  }
  void HotelRoom::Display_guest()
  {
cout << guest;
  }
  int HotelRoom::get_capacity()
  {
return capacity;
  }
  int HotelRoom::get_status()
  {

return occupancy;
  }
   double HotelRoom::get_rate()
  {
return rate;
  }

   void HotelRoom::change_rate( double amount)
  {
rate += amount;
  }
  bool HotelRoom::change_status(int occupancy)
  {
    if (occupancy <= capacity )
    {
        this-> occupancy = occupancy;
        return true;
    }
    else
       return false;
   }



    int _tmain(int argc, _TCHAR* argv[])

 {

cout << setprecision(2)
     << setiosflags(ios::fixed)
     << setiosflags(ios::showpoint);

HotelRoom guest ("134",4,0, "Dennard Beale", 0);


cout << endl;
cout << " *****End of program***** " << endl;

system("pause");
return 0;

 }

Answer 1

Function or variable unsafe consider using strcpy_s

This is a warning from Visual Studio (warning C4996), and you can refer to MSDN for this or Google this warning notice.

The MSDN Link about Compiler Warning (level 3) C4996: http://msdn.microsoft.com/en-us/library/ttcz0bys.aspx

As you know, the implementation of strcpy is to copy string from source to dest. And there is a condition that the source is large than dest. And in this situation, the function strcpy cannot report any error about this. This is called " buffer overflow". So in Visual Studio, M$ suggest this function to be deprecated, it suggest you to use strcpy_s to replace the deprecated function strcpy.

Buffer overflow reference: http://en.wikipedia.org/wiki/Buffer_overflow

strcpy_s function explain: http://msdn.microsoft.com/en-us/library/td1esda9(v=vs.90).aspx

Answer 2

Hi strcpy in the standard library doesn't check if the buffer to be copied is greater than destination buffer whereas strcpy_s performs this check using the size_t numofElements. Example

char chbuff[10]={0}; //a buffer
strcpy(chbuff,"helloworld!"); //This will probably cause buffer overrun and undefined behaviour  
strcpy_s(chbuff,10,"helloworld!"); //this will give you debug assertion failure in visual studio with error buffer too small

Answer 3

strcpy_s is a version of strcpy with security enhancements as described in Security Enhancements in the CRT.

strcpy is 'unsafe' because it can cause Buffer Overflows. A malicious user can exploit this to gain control over your program. As such, strcpy_s (read as 'string copy secure') was introduced by Microsoft, rendering strcpy deprecated. You should use strcpy_s instead of strcpy in Visual Studio.

Alternatively, use std::string

Answer 4

Function or variable unsafe consider using strcpy_s

That's a visual studio specific warning. From MSDN:

The function strcpy is considered unsafe due to the fact that there is no bounds checking and can lead to buffer overflow.

Consequently, as it suggests in the error description, you can use strcpy_s instead of strcpy:

strcpy_s( char *strDestination, size_t numberOfElements, const char *strSource );

MSDN forum post on the subject