strcpy
From Wikipedia, the free encyclopedia
The C programming language offers a library function called strcpy, defined in the string.h header file, that allows null-terminated memory blocks to be copied from one location to another. Since strings in C are not first-class data types and are implemented instead as contiguous blocks of bytes in memory, strcpy will effectively copy strings given two pointers to blocks of allocated memory.
The prototype of the function is:[1]
char *strcpy(char *destination, const char *source);
The return value is destination.
Contents |
[edit] Usage and implementation
For example
char *str1 = malloc(LARGE_NUMBER); char *str2 = malloc(LARGE_NUMBER); fgets(str1, LARGE_NUMBER, stdin); strcpy(str2, str1); /* the argument order mimics that of an assignment: str2 "=" str1 */
In the first two lines memory is allocated to hold two strings storing the memory addresses in str1 and str2. Next the memory pointed by str1 is filled using some user-input string. After that the string is copied from one memory block into the other. Although the simple assignment str2 = str1 might appear to do the same thing, it only copies the memory address of str1 into str2 but not the actual string. Both str1 and str2 would refer to the same memory block. This is known as a shallow copy because it does not actually create a new, identical string.
The strcpy function performs a copy by iterating over the individual characters of the string and copying them one by one. An explicit implementation of strcpy (there are more compact possibilities) is:
char *strcpy(char *dest, const char *src) { const char *p; char *q; for(p = src, q = dest; *p != '\0'; p++, q++) *q = *p; *q = '\0'; return dest; }
[edit] Buffer overflows
strcpy can be dangerous because if the string to be copied is too long to fit in the destination buffer, it will overwrite adjacent memory, causing unpredictable behavior. Usually the program will simply cause a segmentation fault when this occurs, but a skilled attacker can use such a buffer overflow to break into a system (see computer security).
[edit] Bounds checking variants
[edit] strncpy
The most common bounded variant, strncpy, copies a specified number of bytes and then zeros out the destination buffer until it reaches the specified maximum length. It is susceptible to buffer overflow only if the number of bytes specified is larger than the destination string; however because it does not guarantee null termination of strings when the source string is longer than the specified maximum length it can sometimes result in a read exception if the program later assumes the output string is properly null terminated.
[edit] strlcpy
The strlcpy function, created by OpenBSD developers Todd C. Miller and Theo de Raadt, is often regarded as a safer version of strncpy. It has been ported to a number of operating systems, but notably rejected by glibc maintainers, who suggest that C programmers need to keep track of string length and that "using these function only leads to other errors."[2]
[edit] strcpy_s
The strcpy_s function, proposed for standardisation in ISO/IEC TR 24731,[3][4] is supported by some C libraries, including the Microsoft C Runtime Library.[5] It differs from strcpy in that it takes an extra parameter describing the size of the destination buffer and returns an error on overflow, thus preventing buffer overflow. However it is also explicitly unsupported by some libraries, including the GLibc library[6].
[edit] References
- ^ strcpy - C++ Reference
- ^ libc-alpha mailing list, selected messages from 8 Aug 2000 thread: 53, 60, 61
- ^ ISO/IEC. ISO/IEC WDTR 24731 Specification for Secure C Library Functions. International Organization for Standardization. Retrieved on 2008-04-23.
- ^ Plakosh, Daniel. strcpy_s() and strcat_s(). Pearson Education, Inc.. Retrieved on 2006-08-12.
- ^ Microsoft. Security Enhancements in the CRT. MSDN. Retrieved on 2006-08-12.
- ^ Re: Implementing "Extensions to the C Library" (ISO/IEC WG14 N1172).
