C4996 (function unsafe) warning for strcpy but not for memcpy

Question

I am writing code in VS2010 and I happen to see after compilation compiler gives me C4996 warning (\"This function or variable may be unsafe\") for strcpy and sprintf calls.

Answer 1

strcpy is unsafe if the terminating NUL is missing, as it may copy more characters than fit in the destination area. With memcpy, the number of bytes copied is fixed.

The memcpy_s function actually makes it easier for programmers to do it wrong -- you pass two lengths, and it uses the smaller of both, and all you get is an error code that can be silently ignored with no effort. Calling memcpy requires filling out the size parameter, which should make programmers think about what to pass.