C - Best practices for Strings

Question

Which of the below is the best practice when working with C strings?

char full_name[] = "foo boo";
char * full_name = "foo boo";

What are the pros and cons for each of them from a security standpoint?

Please note the questions are different. I am not asking what happens behind the scenes, I am clearly asking what is safer to use. — Malo Polsky, Sep 25 '15 at 11:31

Iharob Al Asimi · Accepted Answer · 2015-09-25T10:20:52.673

4

Working with c strings is a complex task, none of the options you show has any advantages or disadvantages. It really depends on the solution you want to implement.

char full_name[] = "foo boo";

is an array with the following contents

{'f', 'o', 'o', ' ', 'b', 'o', 'o', '\0'}

you can modify it but it cannot grow, and

char *full_name = "foo boo";

is a string literal, you cannot modify nor can it grow and it's better to define it like this

const char *full_name = "foo boo";

even though this does not completely prevents modifying it, it helps not doing it accidentally.

Modifying a string literal is possible, it's just wrong because it invokes undefined behavior.

edited Sep 25 '15 at 10:20

answered Sep 25 '15 at 10:14

Iharob Al Asimi

52,653
6
59
97

1

`char *full_name = "foo boo";` assigns the literal to the variable (initializes the variable with the literal). You cannot change the literal string, but you _can_ assign another literal or variable to the variable, e.g. `full_name = my_name;`. – Paul Ogilvie Sep 25 '15 at 11:37
@PaulOgilvie Strictly speaking you can change it, it's just *undefined behavior*. – Iharob Al Asimi Sep 25 '15 at 11:51
I mean that since `char *full_name;` is a pointer variable, you can assign different (other) variables to it. Those may be literals, or `malloc`'d buffers containing a string that was e.g. read from a file. That is not UB. – Paul Ogilvie Sep 25 '15 at 15:04
Ok, I see, you mean that after all `char *full_name` is a pointer and you can reassign it. That is another reason to use `const` because even if you do `full_name = malloc(some_size)` with `const` you would need to explicitly cast the `const` away, minimizing the potential `undefined behavior` of changing the string literal. Example `const char *full_name = "Something"; if (something_else == true) {full_name = strdup("Something Else");} free(full_name);` Will at least a issue warnings. Notice that if `something_else == false` -> *Undefined Behavior*. – Iharob Al Asimi Sep 25 '15 at 15:17

score 4 · Answer 2 · edited Sep 25 '15 at 20:10

In C, a string can be referred either using a character pointer or as a character array.

Strings as character arrays

char str[4] = "GfG"; /*One extra for string terminator*/
/*    OR    */
char str[4] = {‘G’, ‘f’, ‘G’, '\0'}; /* '\0' is string terminator */

When strings are declared as character arrays, they are stored like other types of arrays in C. For example, if str[] is an auto variable then string is stored in stack segment, if it’s a global or static variable then stored in data segment, etc.

Strings using character pointers

Using character pointer strings can be stored in two ways:

Read-only string in a shared segment.

When string value is directly assigned to a pointer, in most of the compilers, it’s stored in a read only block (generally in data segment) that is shared among functions.
```
char *str  =  "GfG";  
```
In the above line “GfG” is stored in a shared read-only location, but pointer str is stored in a read-write memory. You can change str to point something else but cannot change value at present str. So this kind of string should only be used when we don’t want to modify string at a later stage in program.

Dynamically allocated in heap segment.

Strings are stored like other dynamically allocated things in C and can be shared among functions.

char *str; 
int size = 4; /*one extra for ‘\0’*/ 
str = malloc(size);
*(str+0) = 'G'; 
*(str+1) = 'f';  
*(str+2) = 'G';  
*(str+3) = '\0';

For more details

score -4 · Answer 3 · answered Sep 25 '15 at 10:16

-4

If you see the security point of view then don't use pointers. Try to use always non pointer variables. Pointer access the memory address directly which may leads to memory leak issues, memory hack issues etc.

answered Sep 25 '15 at 10:16

user3347272

167
1
8

9

Pointers are important part of C, and necessary for any non-trivial program. It's better to learn to use them correctly (learn const correctness, have clear ownership, etc.), than to avoid them hysterically. – user694733 Sep 25 '15 at 10:20
If you don't want to use pointers, use another programming language. Besides, any of the two options above is using pointers, do you suggest a way to work with a string in [tag:c] that does not involve pointers? – Iharob Al Asimi Sep 25 '15 at 10:25
This is an interesting perspective that I can't fathom how you would approach it? Have you actually implemented systems in C/ C++/ Objective C without using pointers? – wmorrison365 Sep 25 '15 at 10:37
@wmorrison365 In c++ you can avoid pointers, thus dropping all the benefits. Although, well written c++ classes will use poitners internally for example to share data, it's not trivial to do that but it's possible [*see for example `QString`*](http://doc.qt.io/qt-5/qstring.html). So pointers are still very important in c++. – Iharob Al Asimi Sep 25 '15 at 15:14

C - Best practices for Strings

3 Answers3