RtlStringCchCopyNExW function (ntstrsafe.h)

The RtlStringCchCopyNExW and RtlStringCchCopyNExA functions copy a character-counted string to a buffer while limiting the size of the copied string.

Syntax

NTSTRSAFEDDI RtlStringCchCopyNExW(
  [out, optional] NTSTRSAFE_PWSTR pszDest,
  [in]            size_t          cchDest,
  [in, optional]  STRSAFE_PCNZWCH pszSrc,
                  size_t          cchToCopy,
  [out, optional] NTSTRSAFE_PWSTR *ppszDestEnd,
  [out, optional] size_t          *pcchRemaining,
  [in]            DWORD           dwFlags
);

Parameters

[out, optional] pszDest

A pointer to a caller-supplied buffer that receives the copied string. The string at pszSrc is copied to the buffer at pszDest and terminated with a null character. The pszDest pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.

[in] cchDest

The size, in characters, of the destination buffer. The maximum number of characters allowed is NTSTRSAFE_MAX_CCH. If pszDest is NULL, cchDest must be zero.

[in, optional] pszSrc

A pointer to a caller-supplied, null-terminated string.

cchToCopy

The maximum number of characters to copy from *pszSrc* to the buffer that is supplied by *pszDest*.

[out, optional] ppszDestEnd

If the caller supplies a non-NULL address pointer then, after the copy operation completes, the function loads that address with a pointer to the destination buffer's resulting null string terminator.

[out, optional] pcchRemaining

If the caller supplies a non-NULL address pointer, the function loads the address with the number of unused characters that are in the buffer pointed to by pszDest, including the terminating null character.

[in] dwFlags

One or more flags and, optionally, a fill byte. The flags are defined as follows:

Value Meaning
STRSAFE_FILL_BEHIND_NULL If this flag is set and the function succeeds, the low byte of dwFlags is used to fill the portion of the destination buffer that follows the terminating null character.
STRSAFE_IGNORE_NULLS If this flag is set, either pszDest or pszSrc, or both, can be NULL. NULL pszSrc pointers are treated like empty strings (TEXT("")), which can be copied. NULL pszDest pointers cannot receive nonempty strings.
STRSAFE_FILL_ON_FAILURE If this flag is set and the function fails, the low byte of dwFlags is used to fill the entire destination buffer, and the buffer is null-terminated. This operation overwrites any preexisting buffer contents.
STRSAFE_NULL_ON_FAILURE If this flag is set and the function fails, the destination buffer is set to an empty string (TEXT("")). This operation overwrites any preexisting buffer contents.
STRSAFE_NO_TRUNCATION

If this flag is set and the function returns STATUS_BUFFER_OVERFLOW:

  • If STRSAFE_FILL_ON_FAILURE is also specified, STRSAFE_NO_TRUNCATION fills the destination buffer accordingly.
  • Otherwise, the contents of the destination buffer will be set to an empty string, even if STRSAFE_NULL_ON_FAILURE is not set. STRSAFE_FILL_BEHIND_NULL is ignored.

Return value

The function returns one of the NTSTATUS values that are listed in the following table. For information about how to test NTSTATUS values, see Using NTSTATUS Values.

Return code Description
STATUS_SUCCESS This success status means source data was present, the string was copied without truncation, and the resultant destination buffer is null-terminated.
STATUS_BUFFER_OVERFLOW This warning status means the copy operation did not complete due to insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set in dwFlags, see the dwFlags parameter for more information.
STATUS_INVALID_PARAMETER

This error status means the function received an invalid input parameter. For more information, see the following paragraph.

The function returns the STATUS_INVALID_PARAMETER value when:

  • An invalid flag was specified.
  • The value in cchDest is larger than the maximum buffer size.
  • The destination buffer was already full.
  • A NULL pointer was present without the STRSAFE_IGNORE_NULLS flag.
  • The destination buffer pointer was NULL, but the buffer size was not zero.
  • The destination buffer pointer was NULL, or its length was zero, but a nonzero length source string was present.

Remarks

RtlStringCchCopyNExW and RtlStringCchCopyNExA should be used instead of strncpy. The functions copy a given number of characters from a source string. The size, in characters, of the destination buffer is provided to RtlStringCchCopyNExW and RtlStringCchCopyNExA to ensure that they do not write past the end of the buffer.

Note that these functions behave differently from strncpy in one respect. If cchSrc is larger than the number of characters in pszSrc, RtlStringCchCopyNExW and RtlStringCchCopyNExA—unlike strncpy—do not continue to pad pszDest with null characters until cchSrc characters have been copied.

RtlStringCchCopyNExW and RtlStringCchCopyNExA add to the functionality of RtlStringCchCopyN by returning a pointer to the end of the destination string, as well as the number of characters left unused in that string. Flags can be passed to the function for additional control.

Use RtlStringCchCopyNExW to handle Unicode strings and RtlStringCchCopyNExA to handle ANSI strings. The form you use depends on your data, as shown in the following table.

String data type String literal Function
WCHAR L"string" RtlStringCchCopyNExW
char "string" RtlStringCchCopyNExA

If pszSrc and pszDest point to overlapping strings, the behavior of the function is undefined.

Neither pszSrc nor pszDest can be NULL unless the STRSAFE_IGNORE_NULLS flag is set, in which case either or both can be NULL. If pszDest is NULL, pszSrc must either be NULL or point to an empty string.

For more information about the safe string functions, see Using safe string functions.

Requirements

Requirement Value
Minimum supported client Available in Windows XP with Service Pack 1 (SP1) and later versions of Windows.
Target Platform Desktop
Header ntstrsafe.h (include Ntstrsafe.h)
Library Ntstrsafe.lib
IRQL Any if strings being manipulated are always resident in memory, otherwise PASSIVE_LEVEL

See also