C string handling

From Wikipedia, the free encyclopedia - View original article

  (Redirected from Strcpy)
Jump to: navigation, search

C string handling refers to a group of functions implementing operations on strings in the C standard library. Various operations, such as copying, concatenation, tokenization and searching are supported.

The only support for strings in the C programming language itself is that the compiler will translate a quoted string constant into a null-terminated string, which is stored in static memory. However, the C standard library provides a large number of functions designed to manipulate these null-terminated strings. These functions are so popular and used so often that they are usually considered part of the definition of C.


A string is a contiguous sequence of code units terminated by the first zero code (written '\0' and corresponding to the ASCII null character). In C, there are two types of strings: string, which is sometimes called byte string which uses the type chars as code units (one char is at least 8 bits), and wide string[1] which uses the type wchar_t as code units.

A common misconception is that all char arrays are strings, because string literals are converted to arrays during the compilation (or translation) phase.[2] It is important to remember that a string ends at the first zero code unit. An array or string literal that contains a zero before the last byte therefore contains a string, or possibly several strings, but is not itself a string.[3] Conversely, it is possible to create a char array that is not null-terminated and is thus not a string: char is often used as a small integer when needing to save memory.

The term pointer to a string is used in C to describe a pointer to the initial (lowest-addressed) byte of a string.[1] In C, pointers are used to pass strings to functions. Documentation (including this page) will often use the term string to mean pointer to a string.[citation needed]

The term length of a string is used in C to describe the number of bytes preceding the zero byte.[1] strlen is a standardised function commonly used to determine the length of a string. A common mistake is to not realize that a string uses one more unit of memory than this length, in order to store the zero that ends the string.

Character encodings[edit]

Each string ends at the first occurrence of the zero code unit of the appropriate kind (char or wchar_t). Consequently, a byte string can contain non-NUL characters in ASCII or any ASCII extension, but not characters in encodings such as UTF-16 (even though a 16-bit code unit might be nonzero, its high or low byte might be zero). The encodings that can be stored in wide strings are defined by the width of wchar_t. In most implementations, wchar_t is at least 16 bits, and so all 16-bit encodings, such as UCS-2, can be stored. If wchar_t is 32-bits, then 32-bit encodings, such as UTF-32, can be stored.

Variable-width encodings can be used in both byte strings and wide strings. String length and offsets are measured in bytes or wchar_t, not in "characters", which can be confusing to beginning programmers. UTF-8 and Shift JIS are often used in C byte strings, while UTF-16 is often used in C wide strings when wchar_t is 16 bits. Truncating strings with variable length characters using functions like strncpy can produce invalid sequences at the end of the string. This can be unsafe if the truncated parts are interpreted by code that assumes the input is valid.

Support for Unicode literals such as char foo[512] = "φωωβαρ";(UTF-8) or wchar_t foo[512] = L"φωωβαρ"; (UTF-16 or UTF-32) is implementation defined,[4] and may require that the source code be in the same encoding. Some compilers or editors will require entering all non-ASCII characters as \xNN sequences for each byte of UTF-8, and/or \uNNNN for each word of UTF-16.

Overview of functions[edit]

Most of the functions that operate on C strings are defined in the string.h (cstring header in C++). Functions that operate on C wide strings are defined in the wchar.h (cwchar header in C++). These headers also contain declarations of functions used for handling memory buffers; the name is thus something of a misnomer.

Functions declared in string.h are extremely popular since, as a part of the C standard library, they are guaranteed to work on any platform which supports C. However, some security issues exist with these functions, such as buffer overflows, leading programmers to prefer safer, possibly less portable variants, of which some popular ones are listed here. Some of these functions also violate const-correctness by accepting a const string pointer and returning a non-const pointer within the string. To correct this, some have been separated into two overloaded functions in the C++ version of the standard library.

In historical documentation the term "character" was often used instead of "byte" for C strings, which leads many to believe that these functions somehow do not work for UTF-8. In fact all lengths are defined as being in bytes and this is true in all implementations, and these functions work as well with UTF-8 as with any other byte encoding. The BSD documentation has been fixed to make this clear, but POSIX, Linux, and Windows documentation still uses "character" in many places where "byte" or "wchar_t" is the correct term.

Constants and types[edit]

NULLmacro expanding to the null pointer constant; that is, a constant representing a pointer value which is guaranteed not to be a valid address of an object in memory.
wchar_ttype used for a code unit in a wide strings, usually either 16 or 32 bits.
wint_tinteger type that can hold any value of a wchar_t as well as the value of the macro WEOF. This type is unchanged by integral promotions. Usually a 32 bit signed value.
mbstate_tcontains all the information about the conversion state required from one call to a function to the other.


Description[note 1]
strcpywcscpycopies one string to another
strncpywcsncpywrites exactly n bytes/wchar_t, copying from source or adding nulls
strcatwcscatappends one string to another
strncatwcsncatappends no more than n bytes/wchar_t from one string to another
strxfrmwcsxfrmtransforms a string according to the current locale
strlenwcslenreturns the length of the string
strcmpwcscmpcompares two strings
strncmpwcsncmpcompares a specific number of bytes/wchar_t in two strings
strcollwcscollcompares two strings according to the current locale
strchrwcschrfinds the first occurrence of a byte/wchar_t in a string
strrchrwcsrchrfinds the last occurrence of a byte/wchar_t in a string
strspnwcsspnfinds in a string the first occurrence of a byte/wchar_t not in a set
strcspnwcscspnfinds in a string the last occurrence of a byte/wchar_t not in a set
strpbrkwcspbrkfinds in a string the first occurrence of a byte/wchar_t in a set
strstrwcsstrfinds the first occurrence of a substring in a string
strtokwcstoksplits string into tokens
MiscellaneousstrerrorN/Areturns a string containing a message derived from an error code
memsetwmemsetfills a buffer with a repeated byte/wchar_t
memcpywmemcpycopies one buffer to another
memmovewmemmovecopies one buffer to another, possibly overlapping, buffer
memcmpwmemcmpcompares two buffers
memchrwmemchrfinds the first occurrence of a byte/wchar_t in a buffer
  1. ^ Here string refers either to byte string or wide string

Multibyte functions[edit]

mblenreturns the number of bytes in the next multibyte character
mbtowcconverts the next multibyte character to a wide character
wctombconverts a wide character to its multibyte representation
mbstowcsconverts a multibyte string to a wide string
wcstombsconverts a wide string to a multibyte string
btowcconvert a single-byte character to wide character, if possible
wctobconvert a wide character to a single-byte character, if possible
mbsinitchecks if a state object represents initial state
mbrlenreturns the number of bytes in the next multibyte character, given state
mbrtowcconverts the next multibyte character to a wide character, given state
wcrtombconverts a wide character to its multibyte representation, given state
mbsrtowcsconverts a multibyte string to a wide string, given state
wcsrtombsconverts a wide string to a multibyte string, given state

"state" is used by encodings that rely on history such as shift states. This is not needed by UTF-8 or UTF-32. UTF-16 uses them to keep track of surrogate pairs and to hide the fact that it actually is a multi-word encoding.

Numeric conversions[edit]

The C standard library contains several functions for numeric conversions. The functions that deal with byte strings are defined in the stdlib.h header (cstdlib header in C++). The functions that deal with wide strings are defined in the wchar.h header (cwchar header in C++). Note that the strtoxxx functions are not const-correct, since they accept a const string pointer and return a non-const pointer within the string.

Description[note 1]
atofN/Aconverts a string to a floating-point value
N/Aconverts a string to an integer (C99)
converts a string to a floating-point value
converts a string to a signed integer
converts a string to an unsigned integer
  1. ^ Here string refers either to byte string or wide string

Popular extensions[edit]

Strcat/strcpy replacements[edit]

Despite the well-established need to replace strcat and strcpy with functions that do not overflow buffers, no accepted standard has arisen. Partly this is due to the mistaken belief by many C programmers that strncat and strncpy have the desired behavior (neither function was designed for this and the behavior and arguments are non-intuitive and often written incorrectly even by expert programmers[5]).

strcat_s and strcpy_s are defined in the C 11 (Annex K), and in ISO/IEC WDTR 24731. An error indicator is returned on buffer overflow and the output buffer is set to a zero-length string (which destroys data in the case of strcat_s). These functions attracted considerable criticism because they are currently provided by default only by Microsoft Visual C++. Warning messages produced by Microsoft's compilers suggesting programmers use these functions instead of standard ones have been speculated by some to be a Microsoft attempt to lock developers to its platform.[6][7][8] Open source code for these functions is available.[9]

The more popular strlcat and strlcpy have been criticised on the basis that they encourage use of C strings and thus create more problems than they solve.[10][11] Consequently they have not been included in the GNU C library (used by software on Linux), although they are implemented in OpenBSD, FreeBSD, NetBSD, Solaris, Mac OS X, QNX, and even internally in the Linux kernel. The lack of GNU C library support has not stopped various library authors from using it and bundling a replacement, among other SDL, glib2, ffmpeg, rsync... Open source code for these functions is available.[12][13]

See also[edit]


  1. ^ a b c "The C99 standard draft + TC3". §7.1.1p1. Retrieved 7 January 2011. 
  2. ^ "The C99 standard draft + TC3". §6.4.5p7. Retrieved 7 January 2011. 
  3. ^ "The C99 standard draft + TC3". Section 6.4.5 footnote 66. Retrieved 7 January 2011. 
  4. ^ "The C99 standard draft + TC3". § Translation phases, p1. Retrieved 23 December 2011. 
  5. ^ a b c Todd C. Miller; Theo de Raadt (1999). "strlcpy and strlcat - consistent, safe, string copy and concatenation.". USENIX '99. 
  6. ^ Danny Kalev. "They're at it again". InformIT. Retrieved 10 November 2011. 
  7. ^ "Security Enhanced CRT, Safer Than Standard Library?". Retrieved 10 November 2011. 
  8. ^ Danny Kalev. "A Tour of C1X, Part II". InformIT. Retrieved 6 April 2012. 
  9. ^ Safe C Library. "The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731". Sourceforge. Retrieved 6 March 2013. 
  10. ^ libc-alpha mailing list, selected messages from 8 August 2000 thread: 53, 60, 61
  11. ^ The ups and downs of strlcpy(); LWN.net
  12. ^ strlcpy.c
  13. ^ strlcat.c