1

Possible Duplicate:
Why does this intentionally incorrect use of strcpy not fail horribly?

See the code below:

    #include <cstdlib>
    #include <cstring>
    #include <iostream>
    char* stuff = (char*)malloc(2);
    strcpy(stuff, "abc");
    std::cout << "The size of stuff is : " << strlen(stuff);

Even though I assigned 2 bytes to stuff, why does strcpy still work and the output of strlen is 3. Shouldn't this throw something like index out of bounds?

Programmer

5 Answers

3

C and C++ don't do automatic bounds checking like Java and C# do. This code will overwrite stuff in memory past the end of the string, corrupting whatever was there. That can lead to strange behavior or crashes later, so it's good to be cautious about such things.

Accessing past the end of an array is deemed "undefined behavior" by the C and C++ standards. That means the standard doesn't specify what must happen when a program does that, so a program that triggers UB is in never-never-land where anything might happen. It might continue to work with no apparent problems. It might crash immediately. It might crash later when doing something else that shouldn't have been a problem. It might misbehave but not crash. Or velociraptors might come and eat you. Anything can happen.

Writing past the end of an array is called a buffer overflow, by the way, and it's a common cause of security flaws. If that "abc" string were actually user input, a skilled attacker could put bytes into it that end up overwriting something like the function's return pointer, which can be used to make the program run different code than it should, and do different things than it should.

Wyzard
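The overwrite Wyzard describes is easier to see in a controlled setting. The following is an added example, not code from the question or any of the answers: instead of a real 2-byte malloc() block (where the overrun is undefined behaviour and may corrupt the allocator's bookkeeping), it uses a constructed 8-byte array in which bytes 0-1 stand in for the 2-byte block and the remaining bytes stand in for the neighbouring heap memory, so every access stays well-defined and the damage can be inspected. The arena, the byte marker 'X' and the function names are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a heap region, not real malloc() memory: bytes 0-1
 * play the role of the 2-byte block from the question, bytes 2..ARENA_SIZE-2
 * play the role of whatever lives next to it on the real heap (another block,
 * or the allocator's own bookkeeping). Doing this inside one array keeps the
 * demonstration well-defined; doing it across a real malloc(2) block is UB. */
#define ARENA_SIZE 8
#define BLOCK_SIZE 2

static char arena[ARENA_SIZE];

/* Mark the neighbouring bytes, then perform the question's copy. */
static void run_overrun(void)
{
    memset(arena, 'X', ARENA_SIZE);
    arena[ARENA_SIZE - 1] = '\0';      /* so strlen() on the arena always terminates */

    char *stuff = arena;               /* the "malloc(2)" block */
    strcpy(stuff, "abc");              /* writes 'a','b','c','\0' = 4 bytes into a 2-byte block */
}

/* How many neighbouring bytes were clobbered by the copy? */
int overrun_clobbered_bytes(void)
{
    run_overrun();
    int clobbered = 0;
    for (int i = BLOCK_SIZE; i < ARENA_SIZE - 1; i++)
        if (arena[i] != 'X')
            clobbered++;
    return clobbered;                  /* 2: 'c' and the terminating '\0' landed in the neighbour */
}

/* What strlen() reports afterwards: it just walks until the first '\0',
 * wherever that happens to be, so it has no idea the block was only 2 bytes. */
size_t overrun_reported_length(void)
{
    run_overrun();
    return strlen(arena);              /* 3 */
}

int main(void)
{
    printf("neighbouring bytes clobbered: %d\n", overrun_clobbered_bytes());
    printf("strlen() reports: %zu\n", overrun_reported_length());
    return 0;
}
```

Two of the neighbour's bytes are silently replaced, and strlen() cheerfully reports 3 because it only looks for the terminator. On a real heap those two bytes belong to someone else, which is exactly why the program may run fine today and crash somewhere unrelated tomorrow.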
0

You just overwrite heap memory; no crash usually, but bad things can happen later. C does not prevent you from shooting your own foot; there is no such thing as array out of bounds.

pizza
  • But does this do automatic memory allocation on the heap, and are the previously allocated 2 bytes LOST? – Programmer Mar 29 '12 at 04:51
  • You overwrote 2 bytes on the heap which aren't owned by you, so anything can happen; the integrity of your running process is now in question. You may see a crash, bad results, or nothing happening later. – pizza Mar 29 '12 at 05:02
  • @Programmer: The answer to both parts of your question is _no_. Your code simply overwrites memory past the end of the block you allocated. If you are lucky it will crash quickly to let you know there is a bug. – Blastfurnace Mar 29 '12 at 05:03
0

No, your char pointer now points to a string of length 3. Generally this would not cause any problems, but you might overwrite some critical memory region and cause the program to crash (you can expect to see a segmentation fault then), especially when you are performing such operations over a large amount of memory.

Sumit Bisht
0

Here is the implementation of "strcpy":

    #include <assert.h>

    char *strcpy(char *strDestination, const char *strSource)
    {
        assert(strDestination && strSource);
        char *strD = strDestination;       /* remember the start so it can be returned */
        /* copy byte by byte, including the terminating '\0'; there is no length check anywhere */
        while ((*strDestination++ = *strSource++) != '\0')
            ;
        return strD;
    }

You should ensure the destination has enough space. However, what it is, it is.

liximomo
0

strcpy does not check for sufficient space in strDestination before copying strSource. Also, it does not perform bounds checking, and thus risks overrunning from or to. It is a potential cause of buffer overruns.

Ashish Kasma
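The last two answers make the same point: strcpy has no way of knowing how big the destination is, so the caller has to know. The following added example (not code from the answers or from any library) shows what the caller-side check looks like. The helper name copy_bounded and the two scenario functions are assumptions of the example; the helper takes the destination size explicitly, refuses a copy that would not fit (leaving an empty string rather than a silently truncated one), and always NUL-terminates, which plain strncpy does not guarantee.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* copy_bounded: a hypothetical replacement for strcpy that knows how big the
 * destination is. Returns 0 on success and -1 if src (plus its terminating
 * '\0') does not fit; on failure dst becomes an empty string rather than a
 * silently truncated one, so a caller cannot mistake a partial copy for a
 * good one. Unlike strncpy, the result is always NUL-terminated. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t needed = strlen(src) + 1;   /* count the terminating '\0' too */
    if (needed > dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, needed);
    return 0;
}

/* The question's scenario, with the bounded copy instead of strcpy:
 * "abc" needs 4 bytes, the heap block has 2, so the copy is refused and
 * the neighbouring heap memory is never touched. Returns copy_bounded's result. */
int question_scenario(void)
{
    char *stuff = malloc(2);
    if (stuff == NULL)
        return -2;
    int rc = copy_bounded(stuff, 2, "abc");
    free(stuff);
    return rc;                         /* -1 */
}

/* Same copy into a buffer that is large enough: returns the length that ends
 * up in the buffer, or -1 if the copy was refused. */
int fitting_scenario(void)
{
    char buf[4];
    if (copy_bounded(buf, sizeof buf, "abc") != 0)
        return -1;
    return (int)strlen(buf);           /* 3 */
}

int main(void)
{
    printf("2-byte block:  %s\n", question_scenario() == 0 ? "copied" : "refused");
    printf("4-byte buffer: %s\n", fitting_scenario() == 3 ? "copied" : "refused");
    return 0;
}
```

The important design choice is that the size check happens before any byte is written: with strcpy the overrun has already happened by the time anyone could notice, whereas here the 2-byte block is left untouched and the caller gets a return value it has to handle.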