Provided by: manpages-dev_4.04-2_all bug


       strcpy, strncpy - copy a string


       #include <string.h>

       char *strcpy(char *dest, const char *src);

       char *strncpy(char *dest, const char *src, size_t n);


       The  strcpy()  function  copies the string pointed to by src, including
       the terminating null byte ('\0'), to the buffer  pointed  to  by  dest.
       The  strings  may  not overlap, and the destination string dest must be
       large enough to receive the copy.  Beware  of  buffer  overruns!   (See

       The  strncpy()  function is similar, except that at most n bytes of src
       are copied.  Warning: If there is no null byte among the first n  bytes
       of src, the string placed in dest will not be null-terminated.

       If  the  length of src is less than n, strncpy() writes additional null
       bytes to dest to ensure that a total of n bytes are written.

       A simple implementation of strncpy() might be:

           char *
           strncpy(char *dest, const char *src, size_t n)
               size_t i;

               for (i = 0; i < n && src[i] != '\0'; i++)
                   dest[i] = src[i];
               for ( ; i < n; i++)
                   dest[i] = '\0';

               return dest;


       The  strcpy()  and  strncpy()  functions  return  a  pointer   to   the
       destination string dest.


       For   an   explanation   of   the  terms  used  in  this  section,  see

       │InterfaceAttributeValue   │
       │strcpy(), strncpy() │ Thread safety │ MT-Safe │


       POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.


       Some programmers consider strncpy() to be inefficient and error  prone.
       If  the  programmer knows (i.e., includes code to test!)  that the size
       of dest is greater than the length of src, then strcpy() can be used.

       One valid (and intended) use of strncpy() is to copy a C  string  to  a
       fixed-length  buffer  while  ensuring  both  that  the  buffer  is  not
       overflowed and that unused bytes in the target buffer  are  zeroed  out
       (perhaps to prevent information leaks if the buffer is to be written to
       media  or  transmitted  to  another   process   via   an   interprocess
       communication technique).

       If  there  is  no  terminating  null  byte in the first n bytes of src,
       strncpy() produces an unterminated string in dest.  If buf  has  length
       buflen, you can force termination using something like the following:

           strncpy(buf, str, buflen - 1);
           if (buflen > 0)
               buf[buflen - 1]= '\0';

       (Of  course, the above technique ignores the fact that, if src contains
       more than buflen - 1 bytes, information  is  lost  in  the  copying  to

       Some  systems  (the  BSDs,  Solaris,  and others) provide the following

           size_t strlcpy(char *dest, const char *src, size_t size);

       This function is similar to strncpy(), but it  copies  at  most  size-1
       bytes  to  dest,  always adds a terminating null byte, and does not pad
       the target with (further) null bytes.  This function fixes some of  the
       problems  of  strcpy()  and strncpy(), but the caller must still handle
       the possibility of data loss if size is too small.  The return value of
       the function is the length of src, which allows truncation to be easily
       detected: if the return  value  is  greater  than  or  equal  to  size,
       truncation  occurred.   If loss of data matters, the caller must either
       check the arguments before the call, or test the function return value.
       strlcpy() is not present in glibc and is not standardized by POSIX, but
       is available on Linux via the libbsd library.


       If the destination string of a  strcpy()  is  not  large  enough,  then
       anything  might  happen.   Overflowing fixed-length string buffers is a
       favorite cracker technique for taking complete control of the  machine.
       Any  time  a  program  reads  or copies data into a buffer, the program
       first  needs  to  check  that  there's  enough  space.   This  may   be
       unnecessary  if  you  can  show  that  overflow  is  impossible, but be
       careful: programs can get changed over time, in ways that may make  the
       impossible possible.


       bcopy(3),  memccpy(3),  memcpy(3),  memmove(3),  stpcpy(3), stpncpy(3),
       strdup(3), string(3), wcscpy(3), wcsncpy(3)


       This page is part of release 4.04 of the Linux  man-pages  project.   A
       description  of  the project, information about reporting bugs, and the
       latest    version    of    this    page,    can     be     found     at