C Programming/string.h/strcpy

The C programming language offers a library function called strcpy, defined in the string.h header file, that allows null-terminated memory blocks to be copied from one location to another. Since strings in C are not first-class data types and are implemented instead as contiguous blocks of bytes in memory, strcpy will effectively copy strings given two pointers to blocks of allocated memory.

The prototype of the function is: The argument order mimics that of an assignment: destination "=" source. The return value is.

Usage and implementation
For example In the second line memory is allocated to hold the copy of the string, then the string is copied from one memory block into the other, then the first letter of that copy is modified.

Although the simple assignment str2 = str1 might appear to do the same thing, it only copies the memory address of str1 into str2 but not the actual string. Both str1 and str2 would refer to the same memory block, and the allocated block that used to be pointed to by str2 would be lost. The assignment to str2[0] would either also modify str1, or it would cause an access violation (as modern compilers often place the string constants in read-only memory).

The <tt>strcpy</tt> function performs a copy by iterating over the individual characters of the string and copying them one by one. An explicit implementation of <tt>strcpy</tt> is:

A common compact implementation is:

Modern versions provided by C libraries often copy far more than one byte at a time, relying on bit math to detect if the larger word has a null byte before writing it. Often a call compiles into an inline machine instruction specifically designed to do <tt>strcpy</tt>.

Unicode
<tt>strcpy</tt> will work for all common byte encodings of Unicode strings, including UTF-8. There is no need to actually know the encoding as long as the null byte is never used by it.

If Unicode is encoded in units larger than a byte, such as UTF-16, then a different function is needed, as null bytes will occur in parts of the larger code units. C99 defines the function <tt>wcscpy</tt>, which will copy <tt>wchar_t</tt>-sized objects and stop at the first one with a zero value. This is not as useful as it appears, as different computer platforms disagree on how large a <tt>wchar_t</tt> is (some use 16 bits and some 32 bits).

Buffer overflows
<tt>strcpy</tt> can be dangerous because if the string to be copied is too long to fit in the destination buffer, it will overwrite adjacent memory, invoking undefined behavior. Usually the program will simply cause a segmentation fault when this occurs, but a skilled attacker can use buffer overflow to break into a system. To prevent buffer overflows, several alternatives for <tt>strcpy</tt> have been used. All of them take an extra argument which is the length of the destination buffer and will not write past that buffer end. All of them can still result in buffer overflows if an incorrect length is provided.

strncpy
char* strncpy(char* dst, const char* src, size_t size);

<tt>strncpy</tt> writes exactly the given number of bytes, either only copying the start of the string if it is too long, or adding zeros to the end of the copy to fill the buffer. It was introduced into the C library to deal with fixed-length name fields in structures such as directory entries. Despite its name it is not a bounded version of <tt>strcpy</tt>; it does not guarantee that the result is a null-terminated string. The name of the function is misleading because <tt>strncat</tt> and <tt>snprintf</tt> are respectively bounded versions of <tt>strcat</tt> and <tt>sprintf</tt>.

The assumption that the result is a null-terminated string leads to two problems. If the source string is too long, the result is not null-terminated, making data after the end of the buffer appear to be part of the string. And if the source string is much shorter than the buffer, considerable time will be wasted filling the rest of the buffer with null bytes.

An alternative from the standard C library that will always append one null byte is to use strncat with an initially empty string as the destination.

strlcpy
size_t strlcpy(char* dst, const char* src, size_t size);

The <tt>strlcpy</tt> function, created by OpenBSD developers Todd C. Miller and Theo de Raadt, is often regarded as a safer version of <tt>strncpy</tt>. It always adds a single null byte, and returns the number of bytes that would be needed, allowing the caller to reallocate the buffer if possible. It has been ported to a number of operating systems, but notably rejected by Ulrich Drepper, the glibc maintainer, who suggests that C programmers need to keep track of string length and that "using this function only leads to other errors."

strcpy_s
errno_t strcpy_s(char* dst, rsize_t size, const char* src);

The  function, proposed for standardisation in ISO/IEC TR 24731,  is supported by the Microsoft C Runtime Library and some other C libraries. It returns non-zero if the source string does not fit, and sets the buffer to the empty string (not the prefix!). It is also explicitly unsupported by some libraries, including the GNU C library. Warning messages produced by Microsoft's compilers suggesting programmers change <tt>strcpy</tt> and <tt>strncpy</tt> to this function have been speculated by some to be a Microsoft attempt to lock developers to its platform.