Size definition of strcat() function

非 Y 不嫁゛ submitted on 2020-01-30 11:51:52

Question


The question is why I should define the size of the string (string[] should be string[some-number]). When the program is as follows, it gives me Abort trap: 6:

#include <stdio.h>
#include <string.h>

int main(void)
{
  char buffer1[] = "computer";
  char string[]="program";
  strcat( buffer1, string );
  printf( "buffer1 = %s\n", buffer1 );

}

This is the program from http://www.tutorialspoint.com/cprogramming/c_data_types.htm it works fine:

#include <stdio.h>
#include <string.h>

int main ()
{
   char str1[12] = "Hello";
   char str2[12] = "World";
   char str3[12];
   int  len ;

   /* copy str1 into str3 */
   strcpy(str3, str1);
   printf("strcpy( str3, str1) :  %s\n", str3 );

   /* concatenates str1 and str2 */
   strcat( str1, str2);
   printf("strcat( str1, str2):   %s\n", str1 );

   /* total length of str1 after concatenation */
   len = strlen(str1);
   printf("strlen(str1) :  %d\n", len );

   return 0;
}

What is the mistake? Even if I define all of the sizes of strings in my program, my code still gives Abort trap:6?


Answer 1:


Your strcat is overflowing buffer1, which can hold only strlen("computer")+1 bytes. Omitting the array size does not mean a "dynamic" array! When you specify the size of the array, you are reserving as many bytes as you want: again, you need to avoid a buffer overflow, of course.

So,

 strcpy(str3, str1);

and

 strcat( str1, str2);

are ok since the size of str3 is enough for str1, and str1 is big enough for strlen(str1) + strlen(str2) + 1, i.e. exactly 11: 5 (hello) + 5 (world) + 1 (terminator). The magic number 12 was chosen for a reason: it is big enough to hold both strings and a terminator.

About C strings

C-strings are arrays of chars where the last one is "null", '\0', i.e. they are arrays of chars where the last one is 0. This terminator is needed so that string-related functions can understand where the string ends.

If it happens that a null byte is found in the middle of a string, from the point of view of C string functions, the string will end at that point. E.g.

char buffer1[] = "computer\0program";
// array: { 'c', 'o', ... '\0', 'p', 'r', 'o', .., 'm', '\0' }

// ...
printf("%s\n", buffer1);

will print computer only. But at this point the buffer will be big enough to hold computer and program, a terminator (and another extra byte), since the compiler computed the size of the char array considering the literal sequence of characters which syntactically ends at the second ".

But for all C-string functions, the string contained in buffer1 is computer. Note also that sizeof buffer1 will give the correct size of the buffer, i.e. 17, as opposed to the result of strlen(buffer1), which is just 8.




Answer 2:


From the man page of strcat:

DESCRIPTION The strcat() function appends the src string to the dest string, overwriting the terminating null byte ('\0') at the end of dest, and then adds a terminating null byte. The strings may not overlap, and the dest string must have enough space for the result. If dest is not large enough, program behavior is unpredictable; buffer overruns are a favorite avenue for attacking secure programs.

When you declare your string, the compiler allocates the size of your initial string to be 9 (resp. 8) for buffer1 (resp. string) (including '\0').

Thus, strcat will result in 9 - 1 + 8 (i.e. 16 bytes) but only 9 are available.




Answer 3:


The first parameter of strcat is used to store the result, so it must have enough space for the concatenated string.

In your code:

char buffer1[] = "computer";

is equivalent to:

char buffer1[9] = "computer";

This defines a char array with just enough space for the string "computer", but not enough space for the result.




Answer 4:


char buffer1[] = "computer";

Creates a buffer big enough to hold 9 characters (strlen("Hello" + 1 byte for \0)). If you write any more data to it, what you end up with is undefined behavior (UB). This is what happens when you do a strcat.
UB means the program might crash or show literally any behavior. You are rather lucky that a program with UB crashes, because it does not need to, but if it does, at least there is an indication of something wrong in it. Most of the time, programs with UB will continue running correctly and crash when you least expect or want them to.
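
The sizing rule the answers describe (the destination needs strlen(dest) + strlen(src) + 1 bytes) can be checked before appending. The following C code is an added example, not part of the original question or answers; checked_strcat and try_case are hypothetical names, not C library functions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a libc function: append src to dest only when
 * strlen(dest) + strlen(src) + 1 bytes fit in dest_size.
 * Returns 0 on success, -1 if the result would not fit (dest unchanged).
 * As with strcat(), dest and src must not overlap. */
int checked_strcat(char *dest, size_t dest_size, const char *src)
{
    /* Find dest's terminator without reading past the buffer. */
    const char *end = memchr(dest, '\0', dest_size);
    if (end == NULL)
        return -1;                      /* no '\0' inside dest_size bytes */

    size_t dest_len = (size_t)(end - dest);
    size_t src_len = strlen(src);

    /* The free space includes the byte holding dest's '\0'; src and its
     * own terminator must fit there. */
    if (src_len >= dest_size - dest_len)
        return -1;

    memcpy(dest + dest_len, src, src_len + 1);   /* copies the '\0' too */
    return 0;
}

/* Append "program" to "computer" as if the destination had `size` bytes
 * (size stands in for sizeof of the destination array, at most 32).
 * Returns -1 if rejected, 1 if appended and the result is correct. */
int try_case(size_t size)
{
    char buf[32] = "computer";
    if (checked_strcat(buf, size, "program") != 0)
        return -1;
    return strcmp(buf, "computerprogram") == 0;
}

int main(void)
{
    /* 9 is what char buffer1[] = "computer" reserves; 16 is the minimum. */
    printf("size 9: %d, size 15: %d, size 16: %d\n",
           try_case(9), try_case(15), try_case(16));
    return 0;
}
```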



Source: https://stackoverflow.com/questions/20922478/size-definition-of-strcat-function
