String Functions in C

Strings in C are represented as arrays of characters terminated by a null character (‘\0’). Since C doesn’t have a built-in string data type, we rely on functions from the C Standard Library (<string.h>) to manipulate strings.

These functions can be broadly categorized into:

Restricted String Functions
Unrestricted String Functions

Let’s understand what these terms mean and how they impact program safety and behavior.

What are Restricted String Functions?

Restricted string functions are functions that limit the number of characters they operate on. This restriction helps prevent buffer overflows, which is one of the most common vulnerabilities in C programs.

Characteristics of Restricted String Functions:

They accept a parameter that defines the maximum number of characters to read or write.
They help prevent out-of-bounds access.
Safer for use with user input or dynamic strings.

Common Restricted String Functions:

Function	Description
strncpy()	Copies up to n characters from source to destination.
strncat()	Appends up to n characters from source to destination.
strncmp()	Compares up to n characters of two strings.

Example:

#include <stdio.h>
#include <string.h>
 
int main()
{
    char output[15];
    char input[] = "LearnCNow";
 
    strncpy(output, input, sizeof(output) - 1);
    output[14] = '\0';  // Ensure null termination
 
    printf("Restricted Copy: %s\n", output);
    return 0;
}

Output:

Restricted Copy: LearnCNow

This program copies a string using strncpy() safely. It copies up to 14 characters from “LearnCNow” into the output array, which has space for 15. Then, it adds a null character at the end to close the string. The result is printed using printf().

Free 30-Day Python Certification Bootcamp is Live. Join Now!

What are Unrestricted String Functions?

Unrestricted string functions do not take a length parameter. They rely entirely on the presence of the null terminator (‘\0’) to know when to stop. If the null terminator is missing or the buffer is too small, it can result in buffer overflows, memory corruption, or security vulnerabilities.

Characteristics of Unrestricted String Functions:

Operate until a null character is found.
Assumes destination buffer is large enough.
Dangerous if not used carefully.

Common Unrestricted String Functions:

Function	Description
strcpy()	Copies the entire string from source to destination.
strcat()	Appends the entire string from source to destination.
strcmp()	Compares two strings entirely until null terminator.

Example:

#include <stdio.h>
#include <string.h>
 
int main() {
    char dataBin[6];
    char inputText[] = "Logic";
 
    strcpy(dataBin, inputText);  // Unsafe if inputText is too long
    printf("Unrestricted Copy: %s\n", dataBin);
    return 0;
}

Output:

Unrestricted Copy: Logic

This program shows how strcpy() works to copy a string. It copies the word “Logic” into the dataBin array. Since dataBin has enough space (6 bytes), it works fine here. However, using strcpy() can be unsafe if the source string is longer than the destination, which may cause memory errors.

Restricted vs Unrestricted Functions in C

Feature	Restricted Functions	Unrestricted (Safer) Functions
Null-terminated required	Yes	Yes
Built-in bounds checking	No	Yes (you set limit)
Risk of buffer overflow	High	Lower
Safer for input handling	No	Yes

Best Practices

Use Safer Functions: Prefer functions like strncpy, strncat, and snprintf to help avoid buffer overflows.
Check for Null-Termination: After using restricted functions, make sure to add a null character if it’s not added automatically.
Check Buffer Sizes: Always make sure the destination buffer is large enough to hold all the data you want to store.
Don’t Use Unsafe Functions: Avoid using functions like gets, as they are unsafe and removed from the C standard library.
Choose Better Alternatives: Use safer built-in functions or your own well-tested ones to handle special cases safely.