Strings in C are represented as arrays of characters terminated by a null character (‘\0’). Since C doesn’t have a built-in string data type, we rely on functions from the C Standard Library (<string.h>) to manipulate strings.
These functions can be broadly categorized into:
- Restricted String Functions
- Unrestricted String Functions
Let’s understand what these terms mean and how they impact program safety and behavior.
What are Restricted String Functions?
Restricted string functions are functions that limit the number of characters they operate on. This restriction helps prevent buffer overflows, which is one of the most common vulnerabilities in C programs.
Characteristics of Restricted String Functions:
- They accept a parameter that defines the maximum number of characters to read or write.
- They help prevent out-of-bounds access.
- Safer for use with user input or dynamic strings.
Common Restricted String Functions:
Function | Description |
---|---|
strncpy() | Copies up to n characters from source to destination. |
strncat() | Appends up to n characters from source to destination. |
strncmp() | Compares up to n characters of two strings. |
Example:
#include <stdio.h> #include <string.h> int main() { char output[15]; char input[] = "LearnCNow"; strncpy(output, input, sizeof(output) - 1); output[14] = '\0'; // Ensure null termination printf("Restricted Copy: %s\n", output); return 0; }
Output:
Restricted Copy: LearnCNow
This program copies a string using strncpy() safely. It copies up to 14 characters from “LearnCNow” into the output array, which has space for 15. Then, it adds a null character at the end to close the string. The result is printed using printf().
What are Unrestricted String Functions?
Unrestricted string functions do not take a length parameter. They rely entirely on the presence of the null terminator (‘\0’) to know when to stop. If the null terminator is missing or the buffer is too small, it can result in buffer overflows, memory corruption, or security vulnerabilities.
Characteristics of Unrestricted String Functions:
- Operate until a null character is found.
- Assumes destination buffer is large enough.
- Dangerous if not used carefully.
Common Unrestricted String Functions:
Function | Description |
---|---|
strcpy() | Copies the entire string from source to destination. |
strcat() | Appends the entire string from source to destination. |
strcmp() | Compares two strings entirely until null terminator. |
Example:
#include <stdio.h> #include <string.h> int main() { char dataBin[6]; char inputText[] = "Logic"; strcpy(dataBin, inputText); // Unsafe if inputText is too long printf("Unrestricted Copy: %s\n", dataBin); return 0; }
Output:
Unrestricted Copy: Logic
This program shows how strcpy() works to copy a string. It copies the word “Logic” into the dataBin array. Since dataBin has enough space (6 bytes), it works fine here. However, using strcpy() can be unsafe if the source string is longer than the destination, which may cause memory errors.
Restricted vs Unrestricted Functions in C
Feature | Restricted Functions | Unrestricted (Safer) Functions |
---|---|---|
Null-terminated required | Yes | Yes |
Built-in bounds checking | No | Yes (you set limit) |
Risk of buffer overflow | High | Lower |
Safer for input handling | No | Yes |
Best Practices
- Use Safer Functions: Prefer functions like strncpy, strncat, and snprintf to help avoid buffer overflows.
- Check for Null-Termination: After using restricted functions, make sure to add a null character if it’s not added automatically.
- Check Buffer Sizes: Always make sure the destination buffer is large enough to hold all the data you want to store.
- Don’t Use Unsafe Functions: Avoid using functions like gets, as they are unsafe and removed from the C standard library.
- Choose Better Alternatives: Use safer built-in functions or your own well-tested ones to handle special cases safely.
Sanfoundry Global Education & Learning Series – 1000 C Tutorials.
- Apply for C Internship
- Apply for Computer Science Internship
- Check Computer Science Books
- Watch Advanced C Programming Videos
- Practice Computer Science MCQs