The latest version of this topic can be found at memcpy, wmemcpy.
Copies bytes between buffers. More secure versions of these functions are available; see memcpy_s, wmemcpy_s.
void *memcpy( void *dest, const void *src, size_t count ); wchar_t *wmemcpy( wchar_t *dest, const wchar_t *src, size_t count );
Buffer to copy from.
Number of characters to copy.
The value of
count bytes from
count wide characters (two bytes). If the source and destination overlap, the behavior of
memcpy is undefined. Use
memmove to handle overlapping regions.
Make sure that the destination buffer is the same size or larger than the source buffer. For more information, see Avoiding Buffer Overruns.
Because so many buffer overruns, and thus potential security exploits, have been traced to improper usage of
memcpy, this function is listed among the “banned” functions by the Security Development Lifecycle (SDL). You may observe that some VC++ library classes continue to use
memcpy. Furthermore, you may observe that the VC++ compiler optimizer sometimes emits calls to
memcpy. The Visual C++ product is developed in accordance with the SDL process, and thus usage of this banned function has been closely evaluated. In the case of library use of it, the calls have been carefully scrutinized to ensure that buffer overruns will not be allowed through these calls. In the case of the compiler, sometimes certain code patterns are recognized as identical to the pattern of
memcpy, and are thus replaced with a call to the function. In such cases, the use of
memcpy is no more unsafe than the original instructions would have been; they have simply been optimized to a call to the performance-tuned
memcpy function. Just as the use of “safe” CRT functions doesn’t guarantee safety (they just make it harder to be unsafe), the use of “banned” functions doesn’t guarantee danger (they just require greater scrutiny to ensure safety).
memcpy usage by the VC++ compiler and libraries has been so carefully scrutinized, these calls are permitted within code that is otherwise compliant with SDL.
memcpy calls introduced in application source code are only compliant with the SDL when that use has been reviewed by security experts.
wmemcpy functions will only be deprecated if the constant
_CRT_SECURE_DEPRECATE_MEMORY is defined prior to the inclusion statement in order for the functions to be deprecated, such as in the example below:
#define _CRT_SECURE_DEPRECATE_MEMORY #include <memory.h>
#define _CRT_SECURE_DEPRECATE_MEMORY #include <wchar.h>
||<memory.h> or <string.h>|
For additional compatibility information, see Compatibility in the Introduction.
See memmove for a sample of how to use