A pitfall of strncpy.

Abstract: When you put the correct arguments of strncpy, there is a case that your char[] buffer may not contain a valid C string anymore. The strncpy function has this unexpected behavior because of the standard specification. It is also mentioned in the ``Writing Solid Code'' as a defect of function design. Actually, Stroustrup's C++ Programming Language book mentioned it, and the book suggests to not to use it. (at page 600 of the third edition.) But it is mentioned in one line comment of a sample code. I think people usually can not realize that except someone have been bitten by this bug like me.

• A pitfall of strncpy.
  • I thought strncpy is safer than strcpy, since it has a size limit of buffer copying. Like next buffer overrun can be avoided.

    	  const int NBUF = 4;
    	  char *pS0 = "This string has more than 4 characters.";
    	  char s1[NBUF];
    	  strcpy(s1, pS0); // Buffer overrun. A cracker love this code!
    	  

  • If this is written as next:

    	  const int NBUF = 4;
    	  char *pS0 = "This string has more than 4 characters.";
    	  char s1[NBUF];
    	  strncpy(s1, pS0, NBUF); // no buffer overrun.
    	  

    But, in this case, the string s1 is not terminated by '\0'. This is written in manual, but this is not not intuitive. Next time you use this, you may have a problem. This 'may' is really nasty. If you get always the same problem, it is much easy to detect that. However, sometimes this bug hide. Next code is correct. But, If the pS0's length is less than NBUF, the last line is not necessary. Therefore, some people may complain this code. However, knowing the length of string is prone to costly, and also there is buffer overrun (read) problem.

    	  const int NBUF = 4;
    	  char *pS0 = "This string has more than 4 characters.";
    	  char s1[NBUF];
    	  strncpy(s1, pS0, (NBUF - 1)); // no buffer overrun.
    	  s1[NBUF - 1] = '\0'; // This is at least correct.
    	  

  • I had this bug a several years ago. But this time I found this bug's story in the book Writing solid code also.
  • Qt's QString has isNull() and isEmpty() methods.
    C's string has more problem. Is it 'char *' or char[]? GUI toolkit Qt tried to clear this problem, and QString had two methods, isEmpty() and isNull(). Since in the case of char[], intuitively char[0] exists at least. (I mean that char s[1]; not gcc extension char s[0].)
    • QString::isNull() is the check function, some memory is allocated for string or not. Substantially, this is a checking function, char* pS == NULL or not.
    • QString::isEmpty() is the check function, some memory has already been allocated, but printable string is there or not. Substantially, this is a checking function, char pS[0] == '\0' or not. (At least char pS[0] is allocated.)
    The decision of Qt's version 4 is only use isEmpty(). I think it is better idea. One character is allocated or not is not so much matter in these days after an QString object has already been allocated.