Hi, we know strcpy_s has been introduced as a secure version of strcpy.
Its signature is:
errno_t strcpy_s(
    char *strDestination,
    size_t numberOfElements,
    const char *strSource
);
But I have a feeling it is still not secure. Although we specify the length of the destination buffer (e.g., numberOfElements) -- imagine if someone specifies a false numberOfElements value, and sets it to, say, 100, when the size of the destination is, in reality, 50? What happens in such a case?
What is your opinion? I am thinking of evaluating code which contains strcpy functions inside it, and I must provide some recommendations.
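Added example, not part of the original post: a portable stand-in for a size-checked copy, showing that the check is only as good as the size the caller passes, and that taking the size from the array declaration removes the mismatch. `bounded_copy`, `COPY_TO_ARRAY` and the demo functions are hypothetical names, and the false-size case uses a region that really is 100 bytes so the demo stays well-defined.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a CRT function: copy src into dst only if it fits
 * together with its terminating NUL. The check trusts dst_size completely. */
static int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return EINVAL;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size) {          /* src plus NUL does not fit */
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Size comes from the array declaration; arrays only, never pointers. */
#define COPY_TO_ARRAY(dst, src) bounded_copy((dst), sizeof(dst), (src))

/* Constructed input: 79 characters copied into a 50-byte array. */
static int demo_true_size(void)
{
    char dest[50], src[80];
    memset(src, 'A', sizeof src - 1);
    src[sizeof src - 1] = '\0';
    return COPY_TO_ARRAY(dest, src);
}

/* The question's case, kept well-defined: the caller means to fill only the
 * first 50 bytes of a 100-byte region but passes 100 as the size. */
static int demo_false_size(void)
{
    char region[100] = {0}, src[80];
    memset(src, 'A', sizeof src - 1);
    src[sizeof src - 1] = '\0';
    return bounded_copy(region, 100, src) == 0 && region[50] == 'A';
}

int main(void)
{
    printf("true size:  %s\n", demo_true_size() == ERANGE ? "rejected" : "copied");
    printf("false size: %s\n", demo_false_size() ? "wrote past byte 50" : "stayed in bounds");
    return 0;
}
```

When reviewing code, the thing to check at each call site is therefore where the size argument comes from: a `sizeof` on the destination array itself, or a separately maintained number that can disagree with the declaration.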