Re: strcpy() - dangerous? [Was Re: gets() - dangerous?]

At about the time of 1/5/2006 2:27 AM, Flash Gordon stated the following:

> Daniel Rudy wrote:
>
>>At about the time of 1/3/2006 1:27 AM, Markus Becker stated the following:
>>
>>
>>>It's more easy to enforce a coding rule regarding string copying
>>>that reads like this:
>>>
>>>Always use "strncpy(dst,src,CAPACITY_OF_DST-1);"
>>>
>>>as compared to this:
>>>
>>>if (strlen(src)<=CAPACITY_OF_DST) strcpy(dst,src);
>>>else /* do something accordingly, which will be: */
>>> strncpy(...);
>>>
>>>So for 'me', strncpy is safer than strcpy and if I try to use
>>>strcpy correctly I will need to program a call to strncpy anyway
>>>if the length of src gets (oh my, this word again) greater than
>>>the capacity of the buffer pointed to by dst.
>>>
>>>What would be the 'proven' way of using strcpy in a safe
>>>way without needing strncpy as a fallback? I wouldn't be
>>>surprised if I had overlooked something obvious. Sometimes
>>>I cannot see the wood for the trees, you know. Especially
>>>after a long night like this...
>>>
>>>Markus
>>
>>Here's something that's really fast:
>
>
> Yes, it take absolutely no run time at all because it fails to compile.
>
>

Really?

strata:/home/dr2867/c/modules 1038 $$$ ->./compile strscpy.c strscpy.o
gcc -W -Wall -Wshadow -Wpointer-arith -Wcast-align -Wstrict-prototypes
-Wnested-externs -Wwrite-strings -Wfloat-equal -Winline -Wtrigraphs
-ansi -std=c89 -pedantic -ggdb3 -c -o strscpy.o strscpy.c

Seems to compile just fine on my system... FreeBSD 6.0-RELEASE


> What if the buffer is larger than INT_MAX? Wouldn't size_t be more
> appropriate for the size?
>

What the hell?

It was an EXAMPLE. Going beyond INT_MAX? Who the hell is going to pass
2GB text strings around in memory. Most machines don't HAVE 2GB RAM
installed. Granted, if need be I can use an unsigned long, but again
who is going to need it? I'll be very interesting in hearing your
answer reguarding real world applications..

About the bcopy function. I was not aware that it was not ISO C90.
Here's the corrected version that still uses int.


#include<string.h>

int strscpy(char *dest, const char *src, int dest_size);

int strscpy(char *dest, const char *src, int dest_size)
{
int str_size;
int copy_size;

str_size = strlen(src);
copy_size = str_size + 1 < dest_size - 1 ? str_size : dest_size - 2;
memmove(dest, src, copy_size);
dest[dest_size - 1] = 0x00;
return(copy_size);
}

Now your size_t version:

size_t strscpy(char *dest, const char *src, size_t dest_size);

size_t strscpy(char *dest, const char *src, size_t dest_size)
{
size_t str_size;
size_t copy_size;

str_size = strlen(src);
copy_size = str_size + 1 < dest_size - 1 ? str_size : dest_size - 2;
memmove(dest, src, copy_size);
dest[dest_size - 1] = 0x00;
return(copy_size);
}

>
> In future, please post standard C answers not implementation specifics,
> especially when there is a simple standard C way of doing the same
> thing. We only deal with standard C here, not the BSD extensions, POSIX
> extensions or Windows extensions.

As a programmer, I use what is available on the platform that I code on.
Because my software has to work in the real world, I have to code it so
that it is robust, safe, and secure. Granted, I am still learning, but
I'm doing quite well. I don't get may errors or warnings when my code
compiles. When I do get an error or warning, I track it down and fix it.

--
Daniel Rudy

Email address has been base64 encoded to reduce spam
Decode email address using b64decode or uudecode -m

Why geeks like computers: look chat date touch grep make unzip
strip view finger mount fcsk more fcsk yes spray umount sleep
.

Relevant Pages

  • Re: strcpy() - dangerous? [Was Re: gets() - dangerous?]
    ... > It's more easy to enforce a coding rule regarding string copying ... > strcpy correctly I will need to program a call to strncpy anyway ... > if the length of src gets ...
    (comp.lang.c)
  • Re: Range query optimization help?
    ... (src, amp, asof) ... >unique clustered index asof_src on MeterEvent ... >table StdAmp, minamp int, maxamp int, stdval int) ...
    (microsoft.public.sqlserver.programming)
  • Re: Cant find PInvoke DLL - BUG?
    ... return uncompressCE(dest, ref destLen, src, srcLen); ... int srcLen); ... I am getting same error when using another dll - the usage is ... Is there any difference when loading library from app. ...
    (microsoft.public.dotnet.framework.compactframework)
  • Automatic way to test performance optimizations
    ... But I would also like to test, that the optimization is used in the ... Does Sun remove all log statements from its JDK src before ... Objectdest, ... int high, ...
    (comp.lang.java.programmer)
  • RE: What is the wrong with this SQL?
    ... When I was having the problem with previous SQL, ... (col1 int ... alter table src drop column col2 ...
    (microsoft.public.sqlserver.programming)