6
votes

At the following regarding strncpy: http://www.cplusplus.com/reference/clibrary/cstring/strncpy/, it mentions the following:

No null-character is implicitly appended to the end of destination, so destination will only be null-terminated if the length of the C string in source is less than num.

What is meant by this sentence?

6
Long story short: avoid using strncpy as a secure strcpy, it's a different function for a different purpose, that exposes to other security risks.Matteo Italia
Is this tagged C++ intentionally? If you are using C++ I would avoid the C string functions entirely and use the C++ Std::String functions. Otherwise, I would remove the C++ tag...James Greenhalgh
I disagree with removing the tag, @James, although not with your advice to use "proper" strings. However, while the vast majority of cases would probably be better off with C++ strings, there are still situations where the old C strings may be useful and they are part of the C++ standard, after all.paxdiablo
cplusplus.com is a site full of badly-worded, misleading, and often plain wrong information. I would avoid it and read the relevant standards documents instead.R.. GitHub STOP HELPING ICE
I second the disrecommendation for cplusplus.com. For anything that's in C, prefer search results from opengroup.org to cplusplus.com. Comparing them on this example, cplusplus.com neglects to mention that behavior is undefined for overlapping source/destination. The Opengroup text is from Posix and more or less reproduces the C standard. For C++, good information in web page form is hard to find, so web search for the names of the classes/functions you need and then look them up in a book. Or PDF of the standard.Steve Jessop

6 Answers

13
votes

It means that, for example, if your source string is 20 characters plus a null terminator and your strncpy specifies less than 21 characters, the target string will not have a null appended to it.

It's because of the way it works: strncpy guarantees that it will write exactly N bytes where N is the length value passed in.

If the length of the source string (sans null byte) is less than that, it will pad the destination area with nulls. If it's equal or greater, you won't get a null added to the destination.

That means it may not technically be a C string that you get. This can be solved with code like:

char d[11];          // Have enough room for string and null.
strncpy (d, s, 10);  // Copy up to 10 bytes of string, null the rest.
d[10] = '\0';        // Then append null manually in case s was too long.

You allocate 11 bytes (array indexes 0..10), copy up to 10 (indexes 0..9) then set the 11th (index 10) to null.

Here's a diagram showing the three possibilities for writing various-sized strings to a 10-character area with strncpy (d, s, 10) where . represents a null byte:

s              d
-------------  ----------
Hello.         Hello.....
Hello Fred.    Hello Fred
Hello George.  Hello Geor

Note that in the second and third case, no null byte is written so, if you treat d as a string, you're likely to be disappointed in the outcome.

5
votes

The string "foo" has 3 characters + 1 null-terminator (it's stored as "foo\0") giving a total length of 4. If you call strncpy with n=3 (or fewer) it won't append a null-terminator to the end of the target string, but will copy only "foo". Attempting to print the resulting string will result in undefined behaviour due to the lack of a null-terminator which signals the end of the string.

You have to be very careful of this and either pass n one greater than the maximum source or add the null-terminator yourself.

4
votes

That means that it copies the terminating null of the source string, but doesnt add a terminating null if the source string doesnt fit into the destination.

4
votes

In C strings stored as arrays of char's and they are null-terminated, which means they have an extra 0 appended at the end, which marks the end of the string and could be used later to figure out the string's length. So the string "hello" looks like this in memory:

char hello[] = {'h', 'e', 'l', 'l', 'o', 0};

Normally, when you copy a string, the null character should be copied as well. So the memory needed for the string buffer is its length + 1 (e.g. (strlen(hello) + 1) * sizeof(char)).

Function strncpy allows you to copy only as many characters as it's possible to fit in the provided buffer. In case the buffer you provided is not big enough to hold that extra null, it won't be added. Or if the string is cut, it won't be null-terminated.

char hello[] = "hello"; // 5 characters, 6 bytes long
char hel[3];
strncpy(hel, hello, 3); // hel is {'h', 'e', 'l'}

You should be always careful after calling strncpy, since the result might not be a valid C string. If the string is not null-terminated it's impossible to know its length and most of the string manipulation functions would fail or would do something unexpected.

1
votes

It means that only num bytes will be copied from the source buffer to the destination buffer; so if the source string length if upper or equal to num, the terminating NULL byte will not be copied, and the result will not have a NULL terminating byte, which is dangerous.

It is recommended to use strlcpy instead.

0
votes

The semantics of strncpy(), even when precisely explained as they are in the C++ reference above, are widely misunderstood. The behavior of this function is counterintuitive and error prone.

To avoid problems when using it or further down the development process, when the maintainer will misread the code and add more subtile bugs, there is a simple solution: NEVER EVER USE THIS FUNCTION.

You can read further details about this in this article by Bruce Dawson.

To answer your question: if the source string is longer than the size passed as a third argument (usually corresponding to the size of the destination buffer), the function will copy size characters to the destination and no null byte will be present among these. Calling strlen(destination); will then invoke undefined behavior because it will attempt to read beyond the end of the array until it finds a null terminator. This specific behavior is what makes strncpy so error prone.