0

I decompiled a application and I don't know the real array size so I made it pretty big but I wonder do I need to make exactly what I know it's going to be before the strcpy is used or must I consider the size of the strcpy as well?

signed int __cdecl SendSomePacket(struct CONNECTION* conn, int a1, int a2, const char *a3)
{
  //char buf[256]; // [sp+10h] [bp-9h]@1
  char buf[10]; // [sp+10h] [bp-9h]@1

  *(unsigned int *)&buf[1] = a1;
  *(unsigned int *)&buf[5] = a2;
  strcpy(&buf[9], a3);
  buf[0] = 0xEu;                                // Packet Type
  return SendPacket(CONNECTION->socket, buf, strlen(a3) + 10, 1);
}

I ask should I leave it with 256 which is the default size it guesses by which is always multiplies of 2 like 256,512,1024,2048..

char buf[256]; // [sp+10h] [bp-9h]@1

or should I make it as small as possible to save memory.

char buf[10]; // [sp+10h] [bp-9h]@1

which I figured after the strlen(a3) that number is how big the buffer should be.

I tried just strcpy with a buffer size of 10.. and I put in a string thats over 500 in length and it worked maybe just got lucky. I just wanted to know should I make the static buffer large enough for the initial packet + the data from the strcpy or just for the packet alone? and the packet gets appended probably anyways.

Here is a example I tried.

http://ideone.com/w7DsCl

user3435580
  • 566
  • 1
  • 4
  • 15
  • 1
    Your `strcpy` call will write `strlen(a3) + 1` characters, which will possibly write beyond the end of the array `buf` if it's to small. The `+1` is for the string terminator, which `strcpy` will always write. – Some programmer dude Apr 24 '14 at 09:23

4 Answers4

3

It will copy as many characters as there are in the source string. It has no idea how large the destination buffer is, and will overwrite into random territory if you're giving it a too long source string. There is no "default size" and absolutely no "guessing" involved.

Be careful, it sounds as if you're not very clear on how the basics work here.

If you know the length of the source already, it's better to use memcpy().

unwind
  • 391,730
  • 64
  • 469
  • 606
  • I tried just strcpy with a buffer size of 10.. and I put in a string thats over 500 in length and it worked maybe just got lucky. I just wanted to know should I make the static buffer large enough for the initial packet + the data from the strcpy or just for the packet alone? and the packet gets appended probably anyways. http://ideone.com/w7DsCl – user3435580 Apr 24 '14 at 09:26
  • @user3435580 Yes you were just lucky, that is undefined behavior and very dangerous. – unwind Apr 24 '14 at 09:28
  • Alright that's all I wanted to know thanks. I'll make it as big as the string that can possibly go into the function + the packet itself. – user3435580 Apr 24 '14 at 09:31
1

I think it is better if you use dynamic memory allocation using malloc.

Do this:

char *buf = malloc(strlen(s3) + 1 + sizeof(a1) + sizeof(a2));

then

sprintf(buf, "%u%u", a1, a2);
strcpy(buf + 8, a3); // Assuming sizeof(u_int) == 4

It will be memory efficient.

Do remember to free the buf after use.

0xF1
  • 6,046
  • 2
  • 27
  • 50
1

strcpy will write as many byes as length of source string so it will go beyond your buffer size. so it is preferred to use bigger size array or to use dynamic memory allocation.

chetan kankotiya
  • 106
  • 6
1

A lot of the confused criticism about strcpy() being an unsafe function comes from using it like this.

Before any call to strcpy(), you need to know the size of the data to be copied. If you don't know this in advance, you must call strlen() to find out, before calling strcpy(). Otherwise your program is vulnerable to buffer overflows.

If you do know the size, strcpy() is however perfectly safe to use.

Lundin
  • 195,001
  • 40
  • 254
  • 396