C/C++ Unsafe String Handling

Questions and Answers

What happens when a null source or destination buffer is passed to strcpy?

• It returns a zero value.
• It copies an empty string.
• It overwrites the buffer.
• An exception is raised. (correct)

What is one of the main issues with the strcpy function?

• It requires a fixed buffer size.
• It does not check for null-termination of strings. (correct)
• It automatically expands the destination buffer.
• It cannot handle characters properly.

Which of the following functions is considered safer than strcpy?

• sprintf
• strcat
• strchr
• strncpy (correct)

What happens if the destination buffer size is insufficient when using strcpy?

Buffer overflow may occur. (A)

What is the correct prototype of the strncpy function?

char *strncpy (char *strDest, const char *strSource, size_t count); (B)

Study Notes

Unsafe String Handling in C/C++

• Functions like strcpy, sprintf, and gets are considered unsafe for string handling in C/C++.
• strcpy prototype: char *strcpy (char *strDest, const char *strSource);
• Null pointers in either the source or destination buffer will raise an exception.
• Undefined behavior occurs if strings are not null-terminated.
• No safeguard exists to check if the destination buffer is large enough to hold the source string.

Safer String Functions

• Safer alternatives allow specification of the number of bytes or characters to be handled.
• Examples of safer functions include strncpy, _snprintf, and fgets.
• strncpy prototype: char *strncpy (char *strDest, const char *strSource, size_t count);
• strncpy provides more control by allowing the programmer to define how many characters to copy, reducing the risk of buffer overflows.

Description

This quiz covers the unsafe string handling functions in C/C++, such as strcpy and sprintf. You'll learn about the potential pitfalls associated with these functions and explore safer alternatives like strncpy and fgets. Test your understanding of how to manage strings safely in programming.