unclear strcpy behavior | Smarter Dev | Page 1

celest moon Sep 15, 2023, 8:09 PM

#

Hey there,
I'm currently trying to get into C.
While messing around with strcpy I had some unexpected results that I don't really understand.

So I wrote this method to switch the values of two string vars:

void switchValues(char* first, char* second)
{
    int size = sizeof(second);
    char temp[size];

    strcpy(temp, second);
    strcpy(second, first);
    strcpy(first, temp);
}

As long as first and second point to arrays of the same size everything works fine.
If one is smaller, it should not work correctly - as we should expect.

My problem is with the way it does not work correctly.

I call it like this

    char name1[] = "John";
    char name2[] = "James";
    switchValues(name1, name2);

As long as the size of name2 is greater everything still works.

Before
name1: John
name2: James

After
name1: James
name2: John

But if name1 contains the greater value I end up with some weird concatenation.

Before
name1: James
name2: John

After
name1: John
name2: JamesJohn

Does anybody know why there is a difference based on the size of the arrays - and more importantly - why it ends up in concatenation?
I mean name1 should not fit into name2, yet name2 ends up being both values together.

hasty bough Sep 15, 2023, 8:10 PM

#

Don’t use sizeof to get the size of a string. Use strlen

celest moon Sep 15, 2023, 8:14 PM

#

ah yeah thx
I was wondering why sizeof gets me len+1

#

so this concatenation thing is based on the fact that the array is to small to contain the data, but why does it happen and how does the whole concatenated string fit into the array that couldn't fit the other value in the first place

hasty bough Sep 15, 2023, 8:29 PM

#

I am not sure how it works, maybe @oblique portal can explain

celest moon Sep 15, 2023, 9:08 PM

#

It seems to be that strcpy copies the whole string to the location of name2. But only the number of chars that fit into the array are really part of the array range in memory. When calling printf, it seems to print everything starting from the first element of the array till the next null terminator. So it print more than the boundaries of name2.

This explains why the size of the array is smaller than the string len

After
name1: John
name1 sizeof: 6, len: 4
name2: JamesJohn
name2 sizeof: 5, len: 9

something like that...

oblique portal Sep 15, 2023, 9:16 PM

#

When you pass an array to a function it decays to a pointer to the first element of the array.

#

So when you take sizeof, it's returning the size of the pointer, and not the size of the array.

celest moon Sep 15, 2023, 9:24 PM

#

the sizeof above is from the calling function, so not the pointer

#

like this

char name1[] = "James";
sizeof(name1)

oblique portal Sep 15, 2023, 9:34 PM

#

Yes, that will return the size of the array.

celest moon Sep 15, 2023, 9:35 PM

#

celest moon It seems to be that `strcpy` copies the whole string to the location of `name2`....

Based on this it could also end in an exception if there is not enough memory at the location of name2.
I mean if there is a spot in memory reserved for 5 chars - because thats the fixed size of the array - and you try to copy 20 chars, it can not fit into that spot. So I guess either an exception is thrown or the the existing data will be overwritten

oblique portal Sep 15, 2023, 9:35 PM

#

Which in this case is 6.

#

Anyway, let me read the rest! haha sorry

#

strcpy(first, temp);

#

the destination is smaller than the source.

#

so you're corrupting stuff.

#

since we know strlen(temp) > strlen(first), yet you're trying to stuff it inside it

celest moon Sep 15, 2023, 9:46 PM

#

celest moon It seems to be that `strcpy` copies the whole string to the location of `name2`....

what I don't really get about this is, why does it not end after James?
I mean James\0 is the value to copy.
Jame does fit into the array.
So there is s\0 left.
So if printf gets the chars from name2[0] to the first occuring \0, why doesn't it print James but JamesJohn?

hallow radish Sep 15, 2023, 9:46 PM

#

Buffer overflow

celest moon Sep 15, 2023, 9:58 PM

#

ahhh I see
It gets clearer if you choose greater values...

originally there is John\0 in name2
now I copy James\0 which ends up as James in name2 - the missing \0 is not copied
so I have now name2 and name1 next to each other in memory and since there is no \0 for name2, I get the values of both printed when it reaches the \0 of name1

so it looks something like this

Address | Value | Array
 101    |   J   |  name2
 102    |   a   |  name2
 103    |   m   |  name2
 104    |   e   |  name2
 105    |   s   |  name2
 106    |   J   |  name1
 107    |   o   |  name1
 108    |   h   |  name1
 109    |   n   |  name1
 110    |  \0   |  name1

celest moon Sep 16, 2023, 12:39 PM

#

yeah seems legit
this is the actual output

name2[0]: 0061FF05 -> J
name2[1]: 0061FF06 -> a
name2[2]: 0061FF07 -> m
name2[3]: 0061FF08 -> e
name2[4]: 0061FF09 -> s
---
name1[0]: 0061FF0A -> J
name1[1]: 0061FF0B -> o
name1[2]: 0061FF0C -> h
name1[3]: 0061FF0D -> n
name1[4]: 0061FF0E ->
name1[5]: 0061FF0F ->

so if name1 would be filled too, it would even continue to read

I guess I have my explanation

#unclear strcpy behavior