strcpy, strncpy — copy a string
#include <string.h>
char
*strcpy( |
char *dest, |
const char *src) ; |
char
*strncpy( |
char *dest, |
const char *src, | |
size_t n) ; |
The strcpy
() function copies
the string pointed to by src
, including the terminating
null byte ('\0'), to the buffer pointed to by dest
. The strings may not
overlap, and the destination string dest
must be large enough to
receive the copy. Beware of buffer
overruns! (See BUGS.)
The strncpy
() function is
similar, except that at most n
bytes of src
are copied.
Warning | |
---|---|
If there is no null byte among the first
|
If the length of src
is less than n
, strncpy
() writes additional null bytes to
dest
to ensure that a
total of n
bytes are
written.
A simple implementation of strncpy
() might be:
char * strncpy(char *dest, const char *src, size_t n) { size_t i; for (i = 0; i < n && src[i] != '\0'; i++) dest[i] = src[i]; for ( ; i < n; i++) dest[i] = '\0'; return dest; }
For an explanation of the terms used in this section, see attributes(7).
Interface | Attribute | Value |
strcpy (), strncpy () |
Thread safety | MT-Safe |
Some programmers consider strncpy
() to be inefficient and error
prone. If the programmer knows (i.e., includes code to test!)
that the size of dest
is greater than the length of src
, then strcpy
() can be used.
One valid (and intended) use of strncpy
() is to copy a C string to a
fixed-length buffer while ensuring both that the buffer is
not overflowed and that unused bytes in the target buffer are
zeroed out (perhaps to prevent information leaks if the
buffer is to be written to media or transmitted to another
process via an interprocess communication technique).
If there is no terminating null byte in the first
n
bytes of src
, strncpy
() produces an unterminated string
in dest
. If
buf
has length buflen
, you can force termination using
something like the following:
strncpy(buf, str, buflen − 1); if (buflen > 0) buf[buflen − 1]= '\0';
(Of course, the above technique ignores the fact that, if
src
contains more
than buflen − 1
bytes, information is lost in the copying to dest
.)
Some systems (the BSDs, Solaris, and others) provide the following function:
size_t strlcpy(char *dest, const char *src, size_t size);
This function is similar to strncpy
(), but it copies at most
size−1
bytes to dest
,
always adds a terminating null byte, and does not pad the
target with (further) null bytes. This function fixes some
of the problems of strcpy
()
and strncpy
(), but the caller
must still handle the possibility of data loss if
size
is too small. The return
value of the function is the length of src
, which allows truncation
to be easily detected: if the return value is greater than
or equal to size
, truncation
occurred. If loss of data matters, the caller must either check the arguments
before the call, or test the function return value.
strlcpy
() is not present in
glibc and is not standardized by POSIX, but is available on
Linux via the libbsd
library.
If the destination string of a strcpy
() is not large enough, then anything
might happen. Overflowing fixed-length string buffers is a
favorite cracker technique for taking complete control of the
machine. Any time a program reads or copies data into a
buffer, the program first needs to check that there's enough
space. This may be unnecessary if you can show that overflow
is impossible, but be careful: programs can get changed over
time, in ways that may make the impossible possible.
bcopy(3), memccpy(3), memcpy(3), memmove(3), stpcpy(3), stpncpy(3), strdup(3), string(3), wcscpy(3), wcsncpy(3)
This page is part of release 4.07 of the Linux man-pages
project. A
description of the project, information about reporting bugs,
and the latest version of this page, can be found at
https://www.kernel.org/doc/man−pages/.
Copyright (C) 1993 David Metcalfe (davidprism.demon.co.uk) %%%LICENSE_START(VERBATIM) Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Since the Linux kernel and libraries are constantly changing, this manual page may be incorrect or out-of-date. The author(s) assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. The author(s) may not have taken the same level of care in the production of this manual, which is licensed free of charge, as they might when working professionally. Formatted or processed versions of this manual, if unaccompanied by the source, must acknowledge the copyright and authors of this work. %%%LICENSE_END References consulted: Linux libc source code Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991) 386BSD man pages Modified Sat Jul 24 18:06:49 1993 by Rik Faith (faithcs.unc.edu) Modified Fri Aug 25 23:17:51 1995 by Andries Brouwer (aebcwi.nl) Modified Wed Dec 18 00:47:18 1996 by Andries Brouwer (aebcwi.nl) 2007-06-15, Marc Boyer <marc.boyerenseeiht.fr> + mtk Improve discussion of strncpy(). |