Dave's Brain

Browse - Programming Tips - What's the best and safest way to copy strings in C/C++ ?

Date: 2004Oct22
Language: C/C++

Q.  What's the best and safest way to copy strings in C/C++ ?

A.

BAD		REASON
strcpy() 	no bounds checking
lstrcpy()	ditto - Windows only
lstrcpyW()	ditto - Windows only (Unicode)
strncpy()	terminating NUL isn't guaranteed

GOOD		REASON
strcpyn()	bounds checking and terminating NUL guaranteed
strlcpy()	ditto - BSD and Dave only
lstrcpyn()	ditto - Windows only
lstrcpynW()	ditto - Windows only (Unicode)

The Linux manual page for strcpy() says:

 If the destination string of a strcpy() is not large enough  (that  is,
 if  the programmer was stupid/lazy, and failed to check the size before
 copying) then anything might happen.  Overflowing fixed length  strings
 is a favourite cracker technique.


Q.  What about string concatenation?

A.

BAD		REASON
strcat()	no bounds checking
lstrcat()	ditto - Windows only
lstrcatW()	ditto - Windows only

GOOD		REASON
strlcat()	bounds checking and terminating NUL guaranteed - BSD and Dave only


Or use std::string or CString

Add a comment

Sign in to add a comment
Copyright © 2008-2017, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.