Why strncpy() is not respecting the given size_t n which is 10 in temp2?

Question

This problem is blowing my mind...Can anyone please sort out the problem because i have already wasted hours on this.. ;(

#include <stdio.h>
#include <string.h>
int main(){

  char string[] = "Iam pretty much big string.";
  char temp1[50];
  char temp2[10];

  // strcpy() and strncpy()
   strcpy(temp1, string);
   printf("%s\n", temp1);

  strncpy(temp2, temp1, 10);
  printf("%s\n", temp2);
  return 0;
}

Result

Iam pretty much big string.
Iam prettyIam pretty much big string.

Expected Result:

Iam pretty much big string.
Iam pretty

Answer 1

The address of temp2 is just before the address of temp1 and because you do not copy the final 0, the printf will continue printing after the end of temp2.

As time as you do not insert the 0, the result of printf is undefined.

Answer 2

You invoke Undefined Behavior attempting to print temp2 as temp2 is not nul-terminated. From man strncpy:

"Warning: If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated." (emphasis in original)

See also C11 Standard - 7.24.2.4 The strncpy function (specifically footnote: 308)

So temp2 is not nul-terminated.

Answer 3

Citation of the appropriate [strncpy] tag on Stack Overflow https://stackoverflow.com/tags/strncpy/info, which may help you to understand what happens exactly:

---

This function is not recommended to use for any purpose, neither in C nor C++. It was never intended to be a "safe version of strcpy" but is often misused for such purposes. It is in fact considered to be much more dangerous than strcpy, since the null termination mechanism of strncpy is not intuitive and therefore often misunderstood. This is because of the following behavior specified by ISO 9899:2011 7.24.2.4:

char *strncpy(char * restrict s1, 
     const char * restrict s2, 
     size_t n);

/--/

3 If the array pointed to by s2 is a string that is shorter than n characters, null characters are appended to the copy in the array pointed to by s1, until n characters in all have been written.

A very common mistake is to pass an s2 which is exactly as many characters as the n parameter, in which case s1 will not get null terminated. That is: strncpy(dst, src, strlen(src));

/* MCVE of incorrect use of strncpy */
#include <string.h>
#include <stdio.h>

int main (void)
{
  const char* STR = "hello";
  char buf[] = "halt and catch fire";
  strncpy(buf, STR, strlen(STR));
  puts(buf); // prints "helloand catch fire"
  return 0;
}

Recommended practice in C is to check the buffer size in advance and then use strcpy(), alternatively memcpy(). Recommended practice in C++ is to use std::string instead.

Answer 4

The strncpy function is respecting the 10 byte limit you're giving it.

It copies the first 10 bytes from string to temp2. None of those 10 bytes is a null byte, and the size of temp2 is 10, so there are no null bytes in temp2. When you then pass temp2 to printf, it reads past the end of the array invoking undefined behavior.

You would need to set the size given to strncpy to the array size - 1, then manually add the null byte to the end.

strncpy(temp2, temp1, sizeof(temp2)-1);
temp2[sizeof(temp2)-1] = 0;

Answer 5

From the manpage for strncpy():

Warning: If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated.

Either your input is shorter than the supplied length, you add the terminating null byte yourself, or it won't be there. printf() expects the string to be properly null terminated, and thus overruns your allocated buffer.

This only goes to show that the n variants of many standard functions are by no means safe. You must read their respective man pages, and specifically look for what they do when the supplied length does not suffice.