
I have the following code:

    #include <cstring>
    #include <iostream>
    using namespace std;

    int main() {
        char arr[6] = "Hello";
        strcpy(arr, "Hello mellow");   // 13 bytes (with the terminating NUL) into a 6-byte array: undefined behaviour
        cout << strlen(arr) << ", " << arr << endl; // 12, Hello mellow

        char arr1[] = "Hello";         // the initializer also makes this a 6-byte array
        strcpy(arr1, "Hello mellow");
        cout << strlen(arr1) << ", " << arr1 << endl; // 12, Hello mellow
    }

So, why does that work? Why doesn't it get limited somehow? Whatever I put instead of "Hello mellow", it works and prints it out.

mathinvalidnik

  • it sometimes works, but also may not or even crash the program. – SHR Dec 01 '14 at 15:31
  • You were lucky (or not). – Maroun Dec 01 '14 at 15:31
  • `Why doesn't it get limited somehow?` That question you asked is the answer to your question. What do you mean by "limited somehow"? Crashing? A message box popping up saying "it's a bad thing you did"? Nothing happening? That's what is meant by undefined behavior. None of us, even yourself knows what "limited somehow" means -- it could mean anything to anyone. – PaulMcKenzie Dec 01 '14 at 15:44

4 Answers

In general, C and C++ don't check for boundaries (unlike other higher-level languages: Java, PHP, Python, Javascript, etc.).

This means that if you try to strcpy, say, a 13-byte string such as "Hello mellow" to a character array, it won't check whether or not the given array has been instantiated with enough memory to contain the string. It will just copy the given string, character by character, to the given memory pointer.

What happens here is that you write at some places in memory you are not supposed to access; once in a while, this program might just crash, with no other indication than: segmentation fault.

If you happen to try this...

    #include <stdio.h>
    #include <string.h>

    int main(void) {
        char arr1[8];
        char arr2[8];
        strcpy(arr1,"Hello mellow");  /* 13 bytes into 8: spills into whatever sits next to arr1 */
        printf("%s\n", arr1);
        printf("%s\n", arr2);
    }

...it is very likely (but not 100% sure, see comments) you would get the following output:

    Hello mellow
    llow

Why? Because the second char[] would have been overwritten by the data you tried to put in the first one, without it having enough reserved space for it.

See: http://en.wikipedia.org/wiki/Stack_buffer_overflow

Mathieu Rodic

It works because strcpy doesn't check that the destination array is at least as large as the source one. Your code invokes undefined behavior as you call strcpy with invalid arguments, and because the behavior is undefined, anything can happen; in your case, the memory is silently overwritten. Your program could crash as well.

Columbo

Native arrays in C/C++ are very low-level abstractions that are treated as pointers to memory locations in many use cases. So, when passing arr to strcpy, all strcpy knows is the address of arr[0]. As a result, there is no possibility of bounds checking. This is a very good thing for performance reasons. It is up to the programmer to ensure that he/she uses these low-level constructs safely, for instance by using strncpy and giving an appropriate bound, or using std::vector and checking for bounds explicitly or using std::vector::at to check bounds when accessing a location.

sfjac
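The bounded alternatives mentioned in the answers above, as an added example (not code from the question or any answer): a copy helper that, unlike `strncpy`, always NUL-terminates and reports truncation, the question's 6-byte array used with that helper, and `std::vector::at` turning an out-of-bounds index into an exception instead of a silent overwrite. The function names are my own.

```cpp
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// Bounded copy that always NUL-terminates. strncpy would leave dst
// unterminated when src is dst_size bytes or longer; this helper never does.
// Returns true if the whole string fitted, false if it had to be truncated.
bool bounded_copy(char* dst, size_t dst_size, const char* src) {
    if (dst == nullptr || dst_size == 0) return false;
    size_t len = strlen(src);
    size_t n = len < dst_size - 1 ? len : dst_size - 1;  // leave room for the NUL
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n == len;
}

// The question's scenario with the destination size taken from sizeof:
// "Hello mellow" is cut down to the 5 characters that fit in 6 bytes.
std::string copy_into_six(const char* src) {
    char arr[6] = "Hello";
    bounded_copy(arr, sizeof arr, src);   // "Hello mellow" -> "Hello"
    return arr;
}

// Checked indexing: std::vector::at throws std::out_of_range instead of
// silently reading or writing past the end the way arr[12] would.
bool checked_index_throws(size_t i) {
    std::vector<char> v(6, '\0');
    try {
        v.at(i) = 'x';
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}
```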

I think that's because there's no check at runtime nor at compile time, and if you're lucky, you won't get a segmentation fault ;)

tmnd91