{"id":3644,"date":"2019-06-22T00:01:15","date_gmt":"2019-06-22T07:01:15","guid":{"rendered":"https:\/\/c-for-dummies.com\/blog\/?p=3644"},"modified":"2019-06-15T14:13:03","modified_gmt":"2019-06-15T21:13:03","slug":"the-perils-of-strncpy","status":"publish","type":"post","link":"https:\/\/c-for-dummies.com\/blog\/?p=3644","title":{"rendered":"The Perils of <em>strncpy()<\/em>"},"content":{"rendered":"<p>Always be careful when manipulating strings! Tack on that null character, <code>'\\0'<\/code>, at the end of a string! And don&#8217;t worry about the C language string functions: They perform this important feature for you. But do they all?<br \/>\n<!--more--><br \/>\nWell, not really.<\/p>\n<p>I discovered an issue when I recently used the <em>strncpy()<\/em> function and found some peculiar output. Not understanding why my output string had extra characters, I perused the man pages and discovered this warning:<\/p>\n<blockquote><p>The <em>stpncpy()<\/em> and <em>strncpy()<\/em> functions copy at most <code>len<\/code> characters from <code>src<\/code> into <code>dst<\/code>.  If <code>src<\/code> is less than <code>len<\/code> characters long, the remainder of <code>dst<\/code> is filled with <code>`\\0'<\/code> characters.  <strong>Otherwise, <code>dst<\/code> is not terminated<\/strong>.<\/p><\/blockquote>\n<p>That last line is significant. When the number of characters copied is shorter than the string being copied, a null character is not added. 
Therein you find potential for weird strings &mdash; and perhaps some unintended buffer overflow.<\/p>\n<p>Here is sample code that illustrates the problem:<\/p>\n<pre class=\"screen\">\r\n#include &lt;stdio.h&gt;\r\n#include &lt;string.h&gt;\r\n\r\nint main()\r\n{\r\n    char source[] = \"My text will be copied\";\r\n    char destination[] = \"123456789012345678901234567890\";\r\n\r\n    strncpy(destination,source,7);\r\n    printf(\"%s\\n\",destination);\r\n\r\n    return(0);\r\n}<\/pre>\n<p>At Line 9, only 7 characters of string <code>source<\/code> are copied into string <code>destination<\/code>. Because <code>source<\/code> is longer than 7 characters, the null character isn&#8217;t appended. Here&#8217;s the output:<\/p>\n<p><code>My text89012345678901234567890<\/code><\/p>\n<p>If the destination buffer is uninitialized, the output is unpredictable, spewing forth whatever garbage is in the buffer. This effect is what I saw in my test program.<\/p>\n<p>The following code shows what happens when the source string is shorter than the number of bytes copied:<\/p>\n<pre class=\"screen\">\r\n#include &lt;stdio.h&gt;\r\n#include &lt;string.h&gt;\r\n\r\nint main()\r\n{\r\n    char source[] = \"My text will be copied\";\r\n    char destination[] = \"123456789012345678901234567890\";\r\n\r\n    strncpy(destination,source,25);\r\n    printf(\"%s\\n\",destination);\r\n\r\n    return(0);\r\n}<\/pre>\n<p>String <code>source<\/code> is only 22 characters long. Hopefully the <em>strncpy()<\/em> function is wise enough to see that it terminates before all 25 characters are copied into the <code>destination<\/code> buffer. Here&#8217;s the output:<\/p>\n<p><code>My text will be copied<\/code><\/p>\n<p>The string is copied and terminated as it&#8217;s declared; no extra characters are copied. 
The null character prevents the remainder of the text in the <code>destination<\/code> buffer from appearing.<\/p>\n<p>I tried to rack my brain to figure out why the null character isn&#8217;t added when the source string is longer than the characters copied. A good reason must exist or they wouldn&#8217;t have written the function as it is. If you can figure out why such a feature is useful, let me know. I&#8217;m sure some valid purpose exists.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most string functions are careful to cap the text they manipulate with a null character. The <em>strncpy()<\/em> function is not so generous. <a href=\"https:\/\/c-for-dummies.com\/blog\/?p=3644\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-3644","post","type-post","status-publish","format-standard","hentry","category-main"],"_links":{"self":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3644"}],"version-history":[{"count":3,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3644\/revisions"}],"predecessor-version":[{"id":3658,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3644\/revisions\/3658"}],"wp:attachment":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_
route=%2Fwp%2Fv2%2Fmedia&parent=3644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}