Strcpy
|
- The title of this article is incorrect because of technical limitations. The correct title is strcpy.
In computing, the C programming language offers a library function called strcpy that allows null-terminated memory blocks to be copied to different locations. Since, in C, strings are not first-class datatypes, and are implemented as blocks of ASCII bytes in memory, strcpy will effectively copy strings given two pointers to blocks of allocated memory.
For example
char *str1 = malloc(sizeof(char)*LARGE_NUMBER); char *str2 = malloc(sizeof(char)*LARGE_NUMBER); fgets(str1, LARGE_NUMBER, stdin); strcpy(str2, str1); /* the argument order makes it like an assignment - str2 "=" str1 */
Although the simple assignment str2 = str1 might appear to do the same thing, it only copies the memory address of str1 into str2, so the variables now point at the same region of memory (thus any modification made to one string will affect the other). This is known as a shallow copy because it does not actually create a new, identical string.
The strcpy function performs a deep copy by iterating over the individual characters of the string and copying them one by one. Here is one possible implementation of strcpy:
char * strcpy(char *dest, const char *src) { char c; const char *p; char *q; for(p = src, q = dest; *p != '\0'; p++, q++) *q = *p; *q = '\0'; return dest; }
strcpy can be dangerous because if the string to be copied is too long to fit in the destination buffer, it will overwrite adjacent memory, causing unpredictable behavior. Usually the program will simply cause a segmentation fault when this occurs, but a skilled attacker can use such a buffer overflow to crack into a system (see computer security).
The bounded variant strncpy does the same thing as strcpy but as it only copies a specified number of bytes, it is susceptible to buffer overflow only if the number of bytes specified is larger than the destination string. OpenBSD strlcpy is regarded as a safer version of these variants.