Safe way to concat two strings in C

Question

I have the following code that concats two strings:

char *getConcatString(char *str1, char *str2) {
    char *finalString = malloc(1 + strlen(str1) + strlen(str2)); // Needs to be freed by the user after use
    if(finalString == NULL)
        return NULL;

    strcpy(finalString, str1);
    strcat(finalString, str2);

    return finalString;
}

Is there a more safe way to do this? Like for ex. strncat and strncpy? Thanks

I don't think `strncat` and `strncpy` are necessary, since you already have reserved enough space for both strings. You may want to check that `str1` and `str2` aren't null, though, especially if you cannot guarantee that it never will be. Otherwise, it looks fine to me. — Frxstrem, Apr 05 '16 at 21:36
@Idos Since we are allocating memory for the final string based on the size of str1 and str2, buffer overflow is eliminated in memcpy, am I right? — user3266083, Apr 05 '16 at 21:37
@Frxstrem I can guarantee that the 2 string aren't gonna be NULL. I'm worried about the null terminator here — user3266083, Apr 05 '16 at 21:39
@ryyker: but it is returned. It's quite a common thing to do. — Jongware, Apr 05 '16 at 21:44
@ryyker I'm already freeing finalString outside the function and it isn't causing any problems — user3266083, Apr 05 '16 at 21:45
@ryyker I'm sorry, but you're completely wrong. malloc'ing and then returning a pointer like this is perfectly fine. — Steve Summit, Apr 05 '16 at 21:46
@user3266083 In general, this is a good way of doing it and your code looks fine. — Steve Summit, Apr 05 '16 at 21:49
@SteveSummit - You are of course correct. I was looking at it completely wrong. Thank you. — ryyker, Apr 05 '16 at 22:03
@RadLexus - I was seeing it completely wrong. Thank you for pointing that out :) — ryyker, Apr 05 '16 at 22:04
@Frxstrem - I agree that I was seeing this the wrong way. Thank you for your comments, I have deleted that answer. — ryyker, Apr 05 '16 at 22:08

Vlad from Moscow · Answer 1 · 2016-04-05T21:55:34.223

4

Is there a more safe way to do this?

The only thing I would do with the function is changing its parameter declarations and adding a check to NULL of the parameters.

For example

char * getConcatString( const char *str1, const char *str2 ) 
{
    char *finalString = NULL;
    size_t n = 0;

    if ( str1 ) n += strlen( str1 );
    if ( str2 ) n += strlen( str2 );

    if ( ( str1 || str2 ) && ( finalString = malloc( n + 1 ) ) != NULL )
    {
        *finalString = '\0';

        if ( str1 ) strcpy( finalString, str1 );
        if ( str2 ) strcat( finalString, str2 );
    }

    return finalString;
}

edited Apr 05 '16 at 21:55

answered Apr 05 '16 at 21:49

Vlad from Moscow

301,070
26
186
335

1

This is a nice implementation; I like the way it quietly -- but robustly -- treats null pointers as empty strings. – Steve Summit Apr 05 '16 at 21:53
1

Because you have initialized the pointer: `*finalString = '\0';`, would it be okay to use `strcat()` in both subsequent statements? (instead of `strcpy()` in first one.) – ryyker Apr 05 '16 at 22:02
@ryyker Yes you can use strcat in both cases. These calls are equivalent in this context. – Vlad from Moscow Apr 05 '16 at 22:05

Safe way to concat two strings in C

1 Answers1

Linked