Correct way to use strcpy() function?

Question

What is the correct way to use strcpy() function? I have done it in two ways, and both times the program worked just fine, so I was wondering what's "more correct" way to use it. I want to copy string s2 to s1.

This one:

s1=strcpy(s1, s2);

or to just write:

strcpy(s1, s2);

Barmar · Accepted Answer · 2018-06-11T21:33:39.233

4

The second way is correct. The return value of strcpy() is always the same as its first argument, so your first version is equivalent to:

strcpy(s1, s2);
s1 = s1;

That second assignment is obviously pointless. And it would be invalid if s1 were an array rather than a pointer variable, since you can't assign to arrays.

edited Jun 11 '18 at 21:33

answered Jun 11 '18 at 21:31

Barmar

741,623
53
500
612

So I basically wrote s1=s1 in the first one? – Plexus Jun 11 '18 at 21:33
But you also copied the string to s1. – Barmar Jun 11 '18 at 21:34
Well yeah, that was the intention, so then if I wrote for example s3=strcpy(s1, s2); I would copy s2 to both s1 and s3? – Plexus Jun 11 '18 at 21:37
It's equivalent to `strcpy(s1, s2); s3 = s1;` – Barmar Jun 11 '18 at 21:38
Which would cause a memory leak if `s3` pointed to dynamic memory that you didn't free first. – Barmar Jun 11 '18 at 21:39

tadman · Answer 2 · 2018-06-11T21:32:14.527

3

The function signature is:

char* strcpy(char* destination, const char* source);

The return value is destination. If you want to make use of that value you can, but otherwise you can ignore it.

This is for the case where you want to return strcpy(x,y) without having to do an explicit return x after the fact.

Note that functions like strcpy are intrinsically dangerous because they don't check buffer lengths properly. You should probably use strcpy_s or something like it that has an explicit length field so you don't create buffer overflow bugs.

edited Jun 11 '18 at 21:32

answered Jun 11 '18 at 21:31

tadman

208,517
23
234
262

@Barmar That one, yeah. Fixed. – tadman Jun 11 '18 at 21:32
Functions like `strcpy()` are only intrinsically dangerous if you don't know how big the source string is or how big the destination array is. If you know both those, as you should, then `strcpy()` is merely wasteful; you could use `memmove()` — or `memcpy()` — to do the copying. The trouble is, people often use `strcpy()` where they don't know the sizes in advance, and that can lead to problems, but it is ultimately "careless coding causes crashes" rather than anything wrong with `strcpy()` per se. – Jonathan Leffler Jun 11 '18 at 22:10
@JonathanLeffler The trouble is that crashes are often hints of behaviour that can be exploited, so they're not harmless. That and crashes in general are pretty bad if you're writing C code because you need something fast and reliable. In all honestly GCC and clang should have a `-Wno-legacy-c-functions` that prevents you from using `strcpy` and friends in the first place. – tadman Jun 11 '18 at 22:12
The bug is in the code calling `strcpy()`. The `strcpy_s()` functions are only available on Microsoft Windows; they're not available on Unix-like platforms, for all they're an optional part of C11 defined in [Annex K](http://port70.net/~nsz/c/c11/n1570.html#K). Look at the info in [Do you use the TR 24731 "safe" functions?](https://stackoverflow.com/q/372980/15168) — including a link to the proposal to remove (or at least deprecate before removing) Annex K from the next C standard. And I disagree that the functions are dangerous — it is the programmers who use the functions who are dangerous. – Jonathan Leffler Jun 11 '18 at 22:16

Rakesh Solanki · Answer 3 · 2023-05-19T04:24:44.407

0

I am also trying to use strcpy() safely, I think this can be useful in case we are using strcpy to copy C string and we know destination buffer size in advance and don't want to use Microsoft specific strcpy_s:

#define _CRT_SECURE_NO_WARNINGS

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFFER_SIZE 10

int main(int argc, char* argv[])
{
    if (argc < 2)
    {
        printf("Please give input\n");
        return 0;
    }

    char dest[BUFFER_SIZE];
    unsigned int dest_length = (BUFFER_SIZE-1);

    if (strlen(argv[1]) > dest_length)
    {
        printf("Input was too long\n");
        return 0;
    }
    
    if (strlen(strcpy(dest, argv[1])) > dest_length)
    {
        printf("Error in strcpy\n");
    }
    else
    {
        printf("%s\n", dest);
    }

    return 0;
}

After this update now we have much safer strcpy

edited May 19 '23 at 04:24

answered May 17 '23 at 05:38

Rakesh Solanki

59
6

Is this a question? If so, you should post it as a new question, not as an answer. The code here shows unsafe use of `strcpy`. User input could be any size, and this code does not check to see if that input will fit into `dest` before calling `strcpy`. This has undefined behavior when the user provides a string longer than 9 characters. 1) choose a reasonable input buffer default for user input, e.g., `char dest[1024];`. 2) check that user input will fit into `dest` first, e.g., `if (strlen(argv[1] < sizeof dest) { /* do strcpy */ } else { /* handle failure */ }`. – ad absurdum May 17 '23 at 12:16
Yes, you are right but it gives me error of stack corrupted in debug may be in release it won't even give error and terminate. I have updated my code. I already said I also trying to use strcpy safely. Thanks. – Rakesh Solanki May 19 '23 at 04:03
The input buffer is made small to demonstrate the usefulness of code. – Rakesh Solanki May 19 '23 at 04:26

Correct way to use strcpy() function?

3 Answers3