Copying Strings

Posted on by

The C language has string manipulation functions, but they’re tepid. In fact, the C23 update includes even more functions to duplicate strings and to stick them together. These actions are simple in other languages, but create such a problem for C that coding a string copying function is often a skill you must demonstrate when applying for a C programming job.

For example, in PHP you use the obvious + operator to stick two strings together:

$string = "this" + "that";

Such an expression in C would make the compiler barf. No, you’re instructed as a beginning C programmer to use a function to stick two strings together. Worse, you’re forced to learn the word concatenation, which is the single-word, 5-sylable monster that means “to stick two things together.” (Well, not exactly, but the real answer isn’t funny.)

Consider the following code, which shows a typical example of how a string is copied from one buffer into another:

2025_09_27-Lesson-a.c

#include <stdio.h>
#include <string.h>

int main()
{
    char dest[16];
    char src[] = "The string is the thing";

    strcpy(dest,src);

    printf("%s\n",dest);

    return 0;
}

Array dest[] holds 16 bytes. Array src[] is a string, but it’s 23 characters long — too big to fix into the destination string. So where do those extra characters go?

No one knows.

Is this bad?

Yes, it is. Buffer overflow is a security risk. Further, the build process doesn’t catch this flaw. Running the program may result in a segmentation fault, but my purpose is to demonstrate how weak the strcpy() function is — and it’s used all the time.

This modification to the code definitely results in a segmentation fault/core dump on my machine:

2025_09_27-Lesson-b.c

#include <stdio.h>
#include <string.h>

int main()
{
    char dest[11];
    char src[] = "The string is the thing";

    strcpy(dest,src);

    printf("Copied '%s' to '%s'\n",src,dest);

    return 0;
}

I changed the buffer size for dest[] to 11 bytes. The original size of 16 bytes may cause the buffer’s memory alignment to provide enough space to accommodate the overflow. A value of 11 is weird, which means the next item located in memory can be clobbered by the incoming text and generate a segmentation fault.

This final example shows a string being copied into an occupied buffer:

2025_09_27-Lesson-c.c

#include <stdio.h>
#include <string.h>

int main()
{
    char dest[] = "Don't clobber me!";
    char src[] = "String thing";

    strcpy(dest,src);

    printf("Copied '%s' to '%s'\n",src,dest);

    return 0;
}

In this code, dest[] is longer than src[], so enough room is available. But no checking is done to ensure that the buffer isn’t occupied — not that this condition is a concern, but should a test be made? Could it be made? And what happens to the leftover characters in the original buffer? It’s lost storage.

In next week’s Lesson, I offer a custom string copying function, similar to the one that a potential employer may ask C programmer to code. If you like, you can try to code your own “better” version of strcpy() before then. After all, if you’re planning on getting a coding job, it might just be good practice.

Leave a Reply