Qt Program crashes with another compiler

Question

Could anyone tell me what's wrong with this part of my code? It crashes during execution.

void MainWindow::on_pushButton_clicked()
{
char * cstr = new char [ui->lineEdit->text().length()];
       string costam;
       costam=ui->lineEdit->text().toStdString();
       strcpy(cstr, costam.c_str()); <<<----TROUBLE LINE
       int z;
       z=costam.length();
       for(int n=0;n<z;n++){
            string wynik;
            wynik=konwersja(cstr[n]);
            mors(wynik);
            Sleep(300);
           }
   delete[] cstr;
   }

When I try to compile it with MinGW in Qt 5.0.1 everything is OK but with MSVC2010 in Qt 4.8.1 there is a warning:

warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

Answer 1

Your question is wrong. This code compiles and there's nothing about QT here.

strcpy is deprecated because it's unsafe. Alternative is strcpy_s :

strcpy_s( cstr, ui->lineEdit->text().length() + 1, costam.c_str() );

Note that you should allocate ui->lineEdit->text().length() + 1 , not ui->lineEdit->text().length() . That's the reason of crash, I guess.

BTW I see no reason to use cstr array in your code at all. As example:

void MainWindow::on_pushButton_clicked() {
    string costam;
    costam = ui->lineEdit->text().toStdString();
    for( size_t n = 0; n < costam.length(); n++ ) {
        string wynik;
        wynik = konwersja( costam[ n ] );
        mors( wynik );
        Sleep( 300 );
        }
    }

Answer 2

Can you change this line strcpy(cstr, costam.c_str()); with strcpy_s(cstr, costam.c_str()); try compiling again?

Also it shouldn't prevent compiling, MSVC2010 is just warning about an unsafe usage. You can also lower the warning level of MSVC2010 .

Answer 3

Because people are not very aware of security when programming C++, and Windows gets a bad rap because of it, Visual Studio "deprecated" several functions which are common causes of buffer overflows. In this case you should be fine, and can probably just disable the warning by defining _CRT_SECURE_NO_WARNINGS. You may also find this issue with posix functions, too, in which case you would be able to disable those warnings with a separate #define.

Answer 4

You have two problems here.

The crash is because strcpy will write length + 1 characters into the destination buffer, but your buffer is only of size length . The +1 is for the null termination character, which is not included in length .

The warning is because Microsoft believes its too easy to make mistakes using strcpy and discourages its use. As Joel mentioned, you could enable a define to prevent that warning. I would not recommend semihyagcioglu and Microsoft's suggestion of using strcpy_s, as it's not a portable solution.

I'd also like to note that while fixing those things will make your code compile and run without error, there are other questions. Like: why do you need the cstr variable in the first place? cstr[n] can probably be replaced with costam.data()[n]. Then the cstr variable won't need to exist at all. You won't need the new, delete or strcpy.