Why strcpy and strncpy are not safe to use?
strcpy() function
The strcpy() function copies the source string to the destination string. If the dest buffer is larger than the src string, the src string is copied to dest along with the terminating NULL character. But if the dest buffer is smaller than src, it will copy the content without a terminating NULL character. The strings may not overlap, and the destination string must be large enough to receive the copy.
Syntax:
char *strcpy( char *dest, const char *src )
Parameters: This function accepts two parameters as mentioned above and described below:
- src: The string which will be copied.
- dest: Pointer to the destination array where the content is to be copied.
Return Value: It returns a pointer to the destination string.
C++
#include <iostream>
#include <cstring>
using namespace std;
int main()
{
    char src[] = "geeksforgeeks";
    // 13 characters plus the terminator fit exactly in 14 bytes
    char dest[14];
    strcpy(dest, src);
    cout << "Copied string: " << dest << endl;
    return 0;
}
C
#include <stdio.h>
#include <string.h>
int main()
{
    char src[] = "geeksforgeeks";
    /* 13 characters plus the terminator fit exactly in 14 bytes */
    char dest[14];
    strcpy(dest, src);
    printf("Copied string: %s\n", dest);
    return 0;
}
Output:
Copied string: geeksforgeeks
Time Complexity: O(n)
Auxiliary Space: O(1)
Problem with strcpy(): The strcpy() function does not take the size of the destination array, so buffer overrun is often a risk. Using the strcpy() function to copy a large character array into a smaller one is dangerous, but if the string will fit, then it will not be worth the risk. If the destination string is not large enough to store the source string, then the behavior of strcpy() is unspecified or undefined.
C++
#include <iostream>
#include <cstring>
using namespace std;
int main()
{
    char src[] = "geeksforgeeks";
    // Deliberately too small: strcpy() writes 14 bytes into 2
    char dest[2];
    strcpy(dest, src);
    cout << "Copied string: " << dest << endl;
    return 0;
}
C
#include <stdio.h>
#include <string.h>
int main()
{
    char src[] = "geeksforgeeks";
    /* Deliberately too small: strcpy() writes 14 bytes into 2 */
    char dest[2];
    strcpy(dest, src);
    printf("Copied string: %s\n", dest);
    return 0;
}
Output:
Copied string: geeksforgeeks
Time Complexity: O(n)
Auxiliary Space: O(1)
strncpy() function
The strncpy() function is similar to the strcpy() function, except that at most n bytes of src are copied. If there is no NULL character among the first n characters of src, the string placed in dest will not be NULL-terminated. If the length of src is less than n, strncpy() writes additional NULL characters to dest to ensure that a total of n characters are written.
Syntax:
char *strncpy( char *dest, const char *src, size_t n )
Parameters: This function accepts three parameters as mentioned above and described below:
- src: The string which will be copied.
- dest: Pointer to the destination array where the content is to be copied.
- n: The first n characters are copied from src to dest.
Return Value: It returns a pointer to the destination string.
Example:
C++
#include <iostream>
#include <cstring>
using namespace std;
int main()
{
    char src[] = "geeksforgeeks";
    char dest[14];
    // n = 14 covers all 13 characters and the terminator
    strncpy(dest, src, 14);
    cout << "Copied string: " << dest << endl;
    return 0;
}
C
#include <stdio.h>
#include <string.h>
int main()
{
    char src[] = "geeksforgeeks";
    char dest[14];
    /* n = 14 covers all 13 characters and the terminator */
    strncpy(dest, src, 14);
    printf("Copied string: %s\n", dest);
    return 0;
}
Output:
Copied string: geeksforgeeks
Time Complexity: O(n)
Auxiliary Space: O(1)
Problem with strncpy(): If there is no null character among the first n characters of src, the string placed in dest will not be null-terminated. So strncpy() does not guarantee that the destination string will be NULL-terminated. Calling strlen() on a non-terminated string can cause a segfault. In other words, a non-terminated string in C/C++ is a time-bomb just waiting to destroy code.
C++
#include <iostream>
#include <cstring>
using namespace std;
int main()
{
    char src[] = "geeksforgeeks";
    char dest[8];
    // Fills all 8 bytes with "geeksfor"; no terminator is written
    strncpy(dest, src, 8);
    // strlen() and operator<< read past dest looking for a terminator
    int len = strlen(dest);
    cout << "Copied string: " << dest << endl;
    cout << "Length of destination string: " << len << endl;
    return 0;
}
C
#include <stdio.h>
#include <string.h>
int main()
{
    char src[] = "geeksforgeeks";
    char dest[8];
    /* Fills all 8 bytes with "geeksfor"; no terminator is written */
    strncpy(dest, src, 8);
    /* strlen() and %s read past dest looking for a terminator */
    int len = strlen(dest);
    printf("Copied string: %s\n", dest);
    printf("Length of destination string: %d\n", len);
    return 0;
}
Output:
Copied string: geeksfor
Length of destination string: 8
Time Complexity: O(n)
Auxiliary Space: O(1)
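The missing terminator can be observed without reading past the buffer. The following is an added example, not code from the original article: it counts the NUL bytes strncpy() leaves in an 8-byte buffer and shows the usual repair of copying size-1 bytes and terminating by hand. The helper names nul_bytes_after_strncpy and strncpy_terminated are made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEST_SIZE 8   /* same size as dest[] in the example above */

/* Copy src with strncpy() into a DEST_SIZE buffer pre-filled with 'X'
 * and count the NUL bytes that end up in it. 0 means the buffer is
 * not a valid C string. */
static size_t nul_bytes_after_strncpy(const char *src)
{
    char dest[DEST_SIZE];
    size_t i, count = 0;

    memset(dest, 'X', sizeof dest);
    strncpy(dest, src, sizeof dest);
    for (i = 0; i < sizeof dest; i++)
        if (dest[i] == '\0')
            count++;
    return count;
}

/* Common repair: copy at most size-1 bytes and terminate explicitly.
 * Returns the length of the (possibly truncated) result. */
static size_t strncpy_terminated(char *dest, size_t size, const char *src)
{
    if (size == 0)
        return 0;
    strncpy(dest, src, size - 1);
    dest[size - 1] = '\0';
    return strlen(dest);
}

int main(void)
{
    char dest[DEST_SIZE];
    size_t len;

    printf("NULs, 13-char src: %zu\n", nul_bytes_after_strncpy("geeksforgeeks"));
    printf("NULs, 5-char src:  %zu\n", nul_bytes_after_strncpy("geeks"));
    len = strncpy_terminated(dest, sizeof dest, "geeksforgeeks");
    printf("repaired copy: \"%s\" (length %zu)\n", dest, len);
    return 0;
}
```

The repaired copy is silently truncated, so callers that must not lose data still need to compare strlen(src) against the buffer size.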
Now, the next question is: is there any function that guarantees the destination string will be NULL-terminated, with no chance of buffer overrun? The answer to the above question is “YES”: there are several functions in the “stdio.h” library which guarantee that the above condition will be satisfied.
Both functions guarantee that the destination string will be NULL-terminated. Similar to the snprintf() function, the strlcpy() function copies at most dest_size-1 characters (dest_size is the size of the destination string buffer) from src to dst, truncating src if necessary. The result is always null-terminated. The function returns strlen(src). Buffer overflow can be checked as follows:
if (strlcpy(dst, src, dest_size) >= dest_size)
    return -1;
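The truncation check above, worked through as an added example that is not part of the original article. Because strlcpy() is not part of ISO C and is missing from some C libraries, the copy is written out as a hypothetical helper bounded_copy() with the contract described above (copy at most dest_size-1 characters, always terminate, return strlen(src)), next to the equivalent check built on snprintf().

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with the strlcpy() contract described above. */
static size_t bounded_copy(char *dst, const char *src, size_t dest_size)
{
    size_t src_len = strlen(src);

    if (dest_size > 0) {
        size_t n = src_len < dest_size - 1 ? src_len : dest_size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return src_len;
}

/* The article's check: a return value >= dest_size means src did not
 * fit and dst holds a truncated, but terminated, prefix. */
static int copy_checked(char *dst, const char *src, size_t dest_size)
{
    if (bounded_copy(dst, src, dest_size) >= dest_size)
        return -1;
    return 0;
}

/* Same check with snprintf(), which returns the length it would have
 * written had the buffer been large enough (negative on error). */
static int copy_checked_snprintf(char *dst, const char *src, size_t dest_size)
{
    int needed = snprintf(dst, dest_size, "%s", src);

    if (needed < 0 || (size_t)needed >= dest_size)
        return -1;
    return 0;
}

int main(void)
{
    char dest[8];
    int rc;

    rc = copy_checked(dest, "geeksforgeeks", sizeof dest);
    printf("bounded_copy: rc=%d dest=\"%s\"\n", rc, dest);
    rc = copy_checked_snprintf(dest, "geeks", sizeof dest);
    printf("snprintf:     rc=%d dest=\"%s\"\n", rc, dest);
    return 0;
}
```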
Ranking the functions according to level of sanity:
strcpy < strncpy < snprintf < strlcpy
Last Updated: 03 Feb, 2023