将新字符串值分配给 char 数组的最佳方法

Question

I know that I have to use strcpy / strncpy to assign a new string value to an existing char array. Recently I saw a lot of code like this

char arr[128] = "\0";
sprintf(arr, "Hello World"); // only string constants no variable input
// or
sprintf(arr, "%s", "Hello World");

Both variants give the same result. What is the advantage of the latter variant?

Answer 1

It depends on whether the string to be copied is a literal, as shown, or can vary.

The best technique for the array shown would be:

char arr[128] = "Hello World";

If you're in charge of the string and it contains no % symbols, then there's not much difference between the two sprintf() calls. Strictly, the first uses the string as the format and copies the characters directly, while the second notes it has %s as the format and copies the characters from the extra argument directly — it's immeasurably slower. There's a case for:

snprintf(arr, sizeof(arr), "%s", "Hello World");

which ensures no buffer overflow even if "Hello World" becomes a much longer diatribe.

If you're not in charge of the string, then using snprintf() as shown becomes important as even if the string contains % symbols, it is simply copied and there's no overflow. You have to check the return value to establish whether any data was truncated.

Using strcpy() is reasonable if you know how long the string is and that there's space to hold it. Using strncpy() is fraught — it null pads to full length if the source is shorter than the target, and doesn't null terminate if the source is too long for the target.

If you've established the length of the string is short enough, using memmove() or memcpy() is reasonable too. If the string is too long, you have to choose an error handling strategy — truncation or error.

If the trailing (unused) space in the target array must be null bytes (for security reasons, to ensure there's no leftover password hidden in it), then using strncpy() may be sensible — but beware of ensuring null termination if the source is too long. In most cases, the initializer for the array is not really needed.

The compiler may be able to optimize the simple cases.

Answer 2

The first version won't work if the string contains any % characters, because sprintf() will treat them as formatting operators that need to be filled in using additional arguments.. This isn't a problem with a fixed string like Hello World , but if you're getting the string dynamically it could cause undefined behavior because there won't be any arguments to match the formatting operators. This can potentially cause security exploits.

If you're not actually doing any formatting, a better way is to just use strcpy() :

strcpy(arr, "Hello World");

Also, when initiallizing the string it's not necessary to put an explicit \\0 in the string. A string literal always ends with a null byte. So you can initialize it as:

char arr[128] = "";

And if you're immediately overwriting the variable with sprintf() or strcpy() , you don't need to initialize it in the first place.