C/C++ Unsafe String Handling

Questions and Answers

What happens when a null source or destination buffer is passed to strcpy?

• It returns a zero value.
• It copies an empty string.
• It overwrites the buffer.
• An exception is raised. (correct)

What is one of the main issues with the strcpy function?

• It requires a fixed buffer size.
• It does not check for null-termination of strings. (correct)
• It automatically expands the destination buffer.
• It cannot handle characters properly.

Which of the following functions is considered safer than strcpy?

• sprintf
• strcat
• strchr
• strncpy (correct)

What happens if the destination buffer size is insufficient when using strcpy?

Buffer overflow may occur. (A)

What is the correct prototype of the strncpy function?

char *strncpy (char *strDest, const char *strSource, size_t count); (B)

Flashcards are hidden until you start studying

Study Notes

Unsafe String Handling in C/C++

• Functions like strcpy, sprintf, and gets are considered unsafe for string handling in C/C++.
• strcpy prototype: char *strcpy (char *strDest, const char *strSource);
• Null pointers in either the source or destination buffer will raise an exception.
• Undefined behavior occurs if strings are not null-terminated.
• No safeguard exists to check if the destination buffer is large enough to hold the source string.

Safer String Functions

• Safer alternatives allow specification of the number of bytes or characters to be handled.
• Examples of safer functions include strncpy, _snprintf, and fgets.
• strncpy prototype: char *strncpy (char *strDest, const char *strSource, size_t count);
• strncpy provides more control by allowing the programmer to define how many characters to copy, reducing the risk of buffer overflows.