Dave's Brain

Browse - programming tips - string copy

Date: 2004Oct22
Lanuage: C

Q.  What's the best and safest way to copy strings in C/C++ ?

A.

BAD		REASON
strcpy() 	no bounds checking
lstrcpy()	ditto - Windows only
lstrcpyW()	ditto - Windows only (Unicode)
strncpy()	terminating NUL isn't guaranteed

GOOD		REASON
strcpyn()	bounds checking and terminating NUL guaranteed
strlcpy()	ditto - BSD and Dave only
lstrcpyn()	ditto - Windows only
lstrcpynW()	ditto - Windows only (Unicode)

The Linux manual page for strcpy() says:

 If the destination string of a strcpy() is not large enough  (that  is,
 if  the programmer was stupid/lazy, and failed to check the size before
 copying) then anything might happen.  Overflowing fixed length  strings
 is a favourite cracker technique.


Q.  What about string concatenation?

A.

BAD		REASON
strcat()	no bounds checking
lstrcat()	ditto - Windows only
lstrcatW()	ditto - Windows only

GOOD		REASON
strlcat()	bounds checking and terminating NUL guaranteed - BSD and Dave only


Or use std::string or CString

Add a comment

Sign in to add a comment
Copyright © 2008, dave - Code on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License.