Re: Difference between strcpy() and strcat()?

From: Pascal Damian (pascaldamian_at_icqmail.com)
Date: 03/05/04 

Date: 5 Mar 2004 04:18:39 -0800

Leor Zolman <leor@bdsoft.com> wrote in message news:> "strcpy is safer than strcat because it is easier to check programmatically
> that a strcpy operation will not overflow the buffer: presumably you know
> the length of your destination buffer, so all you have to do is check the
> length of the source string. With strcat, on the other hand, you have to
> test the length of the existing string in the buffer, add the length of the
> string to be appended, and make sure the total resulting length is going to
> fit into your available space."
>
> But that would actually be rubbish...I've probably had more overruns with
> functions like strcpy than with strcat. Why? Because I've been more
> /careful/ while using strcat... ;-)

To Jens,

Yes, sorry. The question should be: "what's the difference between
using strcat() or strcpy() to append a string?"

To Leor,

Here's exactly where I read it, from a post at comp.lang.ruby:

======================== start quote ============================
> p = (char *)getenv("LD_LIBRARY_PATH");
>> if ((env = (char *)malloc(512+1+(p==NULL ? 0:strlen(p)))) ==
NULL) {
>> fprintf(stderr, "malloc() failed: %s\n", strerror(errno));
>> exit(1);
>> }
>> strcat(env, "LD_LIBRARY_PATH=");

Use strcpy instead of strcat here, content of malloc'ed area is
not guaranteed.
======================== end quote ============================

URL: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&selm=200403041635.i24GZh4Y030395%40sharui.nakada.niregi.kanuma.tochigi.jp
URL: http://tinyurl.com/393yz

Now what does the poster mean by "content of malloc'ed area is not
guaranteed"? 

--
Pascal

Relevant Pages

  • Re: Undeclared identifier error in file "xlocnum"
    ... I had issues with strcat and strcpy in 1975, and nothing in the intervening 30 years has ... you have done something that includes the safe-string library; ... you should not be using sprintf any longer. ...
    (microsoft.public.vc.mfc)
  • Re: C-style coding in C++
    ... One usually doesn't need these functions if the string class is used. ... like strcpy and strcat are dangerous if not used judiciously (you will get ... buffer overruns if the destination string is not large enough to store the ...
    (comp.lang.cpp)
  • Re: Undeclared identifier error in file "xlocnum"
    ... there is still a reason to use those crappy old functions. ... >your code is used on other platforms and by other compilers you will ... >>strcpy or strcat these days, it is better to adopt safe programming practices. ...
    (microsoft.public.vc.mfc)
  • Re: Difference between strcpy() and strcat()?
    ... "strcpy is safer than strcat because it is easier to check programmatically ... that a strcpy operation will not overflow the buffer: ... length of the source string. ... With strcat, on the other hand, you have to ...
    (comp.lang.c)
  • Re: Undeclared identifier error in file "xlocnum"
    ... there is still a reason to use those crappy old functions. ... >strcpy or strcat these days, it is better to adopt safe programming practices. ...
    (microsoft.public.vc.mfc)