strlen(psz2)
is reading uninitialised memory so may read beyond the end of your array. This means that the length you pass to strcpy_s
will be unpredictable and may result in you writing beyond the end of the memory allocated for psz1
.
Assuming the end of your function is valid (I'm not sufficiently familiar with CString to say for sure), you could simply change your strcpy_s
line to
strcpy_s( psz2, pstr->GetLength() + 1, (const char *) *pstr );
You may run into problems here with win32 string handling functions that switch between 8 and 16-bit characters depending on the UNICODE
and _UNICODE
defines. I agree with Alok Save and others that switching to using std::string
would be clearer and simpler.