Convert string to character array, but strcpy() gives an error

Question

Consider:

void takeInput()
{
    string word;
    cin >> word;

    int n = word.length();

    // Declaring character array
    char *char_array = new char [n + 1];

    // Copying the contents of the
    // string to char array
    strcpy(char_array, word.c_str());

    for (int i = 0; i<n; i++)
        cout << char_array[i];
}

error : Severity Code Description Project File Line Suppression State Error C4996 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. DSPROJECT c:\users\hp\source\repos\dsproject\dsproject\source.cpp 49

Possible duplicate of [Difference between 'strcpy' and 'strcpy\_s'?](https://stackoverflow.com/questions/32136185/difference-between-strcpy-and-strcpy-s) — Doug, May 05 '18 at 11:12
You'll find tons of information by just searching the site for `strcpy` and the error code. Please show more research effort the next time. — Baum mit Augen, May 05 '18 at 11:12
You can use `memcpy` to avoid the incorrect warning, since you already know the length. — Ry-, May 05 '18 at 11:12
i tried strcpy_s() too but it says "undefined instance of overloaded function" — Ali Raza Abbasi, May 05 '18 at 11:14
You can add `#pragma warning(disable:4996)` to get rid of the warning — Killzone Kid, May 05 '18 at 12:09
This is Microsoft telling you that you might not be smart enough to use `strcpy` correctly. You've used it correctly here. — Pete Becker, May 05 '18 at 12:46

score 1 · Answer 1 · answered May 05 '18 at 11:17

1

Strictly speaking, this is not an error, it's a warning treated as an error. The reason for the warning is explained in the error message: strcpy is unsafe because it can go past the limits of the destination string.

The message suggests two ways of addressing this - (1) using strcpy_s, or (2) turning off the warning (not recommended).

C++ has another approach that would fix the compile error - using std::copy function from the Standard C++ library, then null-terminating the result:

char *char_array = new char [n + 1];
std::copy(word.begin(), word.end(), char_array);
char_array[n] = '\0';

answered May 05 '18 at 11:17

Sergey Kalinichenko

714,442
84
1,110
1,523

This use of `std::copy` suffers from the same alleged infirmity as the original code: if the target buffer is not large enough, it will overrun the buffer. For the code in question, this is, in fact, not a problem: the code allocates a properly sized buffer and copies the right number of characters to it. In this context, both `std::copy` and `strcpy` are "safe" because they are both used correctly. (sorry about the rant; I've refrained from saying "turn off stupid warnings") – Pete Becker May 05 '18 at 12:49
@PeteBecker Not really, because the size of the output buffer is implicitly supplied by `std::distance(word.begin(), word.end())`, i.e. you pass both ends of the string. This is different from `strcpy` in that the length is specified by the content of the string itself, not by the parameters that you pass. You are right about none of this having an effect on OP's use of the functions, though. – Sergey Kalinichenko May 05 '18 at 14:54
But `std::distance(word.begin(), word.end())` has to be equal to `word.length()`. The problem is that both of those measure the size of the **input**; neither `strcpy` nor `std::copy` checks the size of the output buffer. Similarly, `strcpy_s` only checks that you aren't writing more characters than you told it you could handle, which also is not a direct check on the size of the output buffer. – Pete Becker May 05 '18 at 15:18
@PeteBecker You can specify either a beginning and an end (`std::copy`), or a beginning and the length (`strcpy_s`). When you specify length, it must be the length of both the input *and* the output (reading past the end of input is undefined behavior, just like writing past the end of output). The main point is to specify the size in one way or the other, so that the code accessing memory is protected. – Sergey Kalinichenko May 05 '18 at 16:01
There is also [`std::string::copy()`](http://en.cppreference.com/w/cpp/string/basic_string/copy), which won't copy more chars than the dest buffer can hold. `word.copy(char_array, n);` – Remy Lebeau May 05 '18 at 18:49

score 1 · Answer 2 · answered May 05 '18 at 12:44

rather than strcpy you can use strncpy:

strncpy(char_array, word.c_str(), n + 1);

This n+1 ensures that the terminating '\0' will be copied as well, and the memory buffer you already have big enough.

Or, you can disable this warning (which of course is highly NOT recommended) with defining _CRT_SECURE_NO_WARNINGS before using strcpy i.e.:

#define _CRT_SECURE_NO_WARNINGS

Convert string to character array, but strcpy() gives an error

2 Answers2