4
votes

The man page of strncpy states:

char *strncpy(char *dest, const char *src, size_t n);

The strcpy() and strncpy() functions return a pointer to the destination string dest.

Is it possible for strncpy(buff, "something", 9) == 0 to be true if char buff[100]?

UPDATE

I also consider it not very probable, but it's part of a program that I should make buffer-overflow, and this condition stands in my way of achieving this.

5
The only case when it can return NULL (I guess) would be strncpy(NULL, "something", 0)... – Alex Lop.
But when you pass a NULL pointer the function does not return 0. "If strDest or strSource is a NULL pointer, or if count is less than or equal to zero, the invalid parameter handler is invoked, as described in Parameter Validation. If execution is allowed to continue, these functions return -1 and set errno to EINVAL" (MSVC). – Weather Vane
@WeatherVane also, cppreference says: "The behavior is undefined if either dest or src is not a pointer to a character array." – I couldn't find this clause in my copy of the C99 standard, but I've also read somewhere that when "a pointer to…" is required, and the standard does not explicitly say that the supplied pointer may be NULL in some circumstances, then it should not be NULL. – The Paramagnetic Croissant
@Zozo - in normal conditions? No, it won't happen. But if your process does mmap() with MAP_FIXED, and somehow NULL gets passed to mmap as the first parameter, you will find that NULL references valid memory. There are probably other memory-management functions that can do the same (although shmat() seems immune to this type of abuse because of the way it's specified. See pubs.opengroup.org/onlinepubs/009695399/functions/shmat.html) – Andrew Henle
@AndrewHenle: pointing out that there are (abnormal) ways to get it to return null is neat, but spamming it across all the answers is just going to cause confusion to readers, given the fact that no, it can't return null under normal circumstances. – Cornstalks

5 Answers

5
votes

No.

Judging from the facts that

  1. The null pointer constant NULL's value equals 0
  2. A NULL pointer shall not point to a valid object. From the C11 standard, §6.3.2.3:

    [...] a null pointer [,] is guaranteed to compare unequal to a pointer to any object or function.

and that the corresponding man page does not mention the possibility of dest == NULL,
it is not allowed to.

4
votes

Think about it. What does the man page say? It says it returns dest. Therefore, if dest is not NULL, then the return value will not be NULL.

Since buff will never be NULL (assuming it's char buff[100]), then you can say with certainty that no, it will never return NULL.

If it does, it's got a bug.

2
votes

In my opinion if the executed code doesn't contain any undefined behavior, the given code cannot return NULL.

The only case when it can return NULL is if the destination is NULL. In such case (most likely) the execution will segfault unless the number of copied characters is 0.

In the given example:

strncpy(buff, "something", 9)

Neither can the destination be NULL (since it is char buff[100]), nor can the number of copied characters be 0, since it is given as 9.

1
votes

According to the ISO/IEC 9899:2011 standard, §7.24.2.4/c4 The strncpy function:

Synopsis

1   #include <string.h>
    char *strncpy(char * restrict s1,
    const char * restrict s2,
    size_t n);

Description

2 The strncpy function copies not more than n characters (characters that follow a null character are not copied) from the array pointed to by s2 to the array pointed to by s1. If copying takes place between objects that overlap, the behavior is undefined.

3 If the array pointed to by s2 is a string that is shorter than n characters, null characters are appended to the copy in the array pointed to by s1, until n characters in all have been written.

Returns

4 The strncpy function returns the value of s1.

As such, the only way for strncpy to return 0 (i.e., NULL) without causing undefined behaviour is if s1 is NULL and n is zero.

LIVE DEMO
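
As an added example (not part of the original answers), the standard's paragraphs quoted above can be exercised on the question's call: strncpy hands back dest, n == 9 copies "something" without any terminating null character, and a larger n pads with null characters. The helper names returns_dest, nul_bytes_written and copy_checked are hypothetical, chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* All helper names below are hypothetical, chosen for this example. */

/* Returns 1 if strncpy(dest, src, n) hands back dest itself. */
static int returns_dest(char *dest, const char *src, size_t n)
{
    return strncpy(dest, src, n) == dest;
}

/* Copies src with strncpy into a scratch buffer pre-filled with 'X' and
   counts the null bytes strncpy wrote. Returns (size_t)-1 if n is too big. */
static size_t nul_bytes_written(const char *src, size_t n)
{
    char buf[32];
    size_t i, count = 0;

    if (n > sizeof buf)
        return (size_t)-1;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, n);
    for (i = 0; i < sizeof buf; i++)
        count += (buf[i] == '\0');
    return count;
}

/* Bounded copy that always terminates dest.
   Returns 0 on success, -1 on bad arguments or if src had to be truncated. */
static int copy_checked(char *dest, size_t destsz, const char *src)
{
    if (dest == NULL || src == NULL || destsz == 0)
        return -1;
    strncpy(dest, src, destsz - 1);
    dest[destsz - 1] = '\0';
    return strlen(src) < destsz ? 0 : -1;
}

int main(void)
{
    char buff[100];

    printf("returns dest: %d\n", returns_dest(buff, "something", 9));
    printf("n=9  null bytes: %zu\n", nul_bytes_written("something", 9));
    printf("n=16 null bytes: %zu\n", nul_bytes_written("something", 16));
    printf("checked copy: %d\n", copy_checked(buff, sizeof buff, "something"));
    return 0;
}
```
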

0
votes

Yes strncpy() can return NULL. Just mmap a writeable page at address zero on a system that defines NULL as a pointer with zero as its numeric value:

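#include <sys/mman.h>
#include <stdio.h>
#include <string.h>   /* strncpy() and strlen() are declared here, not in <strings.h> */

int main( int argc, char **argv )
{
    char *p;
    /* MAP_FIXED with address 0 asks the kernel to place the page at address zero */
    char *buf = mmap( ( void * ) 0, 4096,
        PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED | MAP_ANON, -1, 0 );
    if ( buf == MAP_FAILED )
    {
        /* kernels that refuse low mappings (e.g. Linux vm.mmap_min_addr) end up here */
        perror( "mmap" );
        return( 1 );
    }
    p = strncpy( buf, "string", strlen( "string" ) );
    printf( "p: %p\n", ( void * ) p );
    printf( "NULL: %p\n", ( void * ) NULL );
    return( 0 );
}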

Yes, this is intentionally violating the C standard requirement that NULL must not point to a valid object, so it's undefined behavior.

But it CAN happen.