strcpy(3) — Linux manual page


STRCPY(3)                 Linux Programmer's Manual                STRCPY(3)

NAME         top

       strcpy, strncpy - copy a string

SYNOPSIS         top

       #include <string.h>

       char *strcpy(char *dest, const char *src);

       char *strncpy(char *dest, const char *src, size_t n);

DESCRIPTION         top

       The strcpy() function copies the string pointed to by src, including
       the terminating null byte ('\0'), to the buffer pointed to by dest.
       The strings may not overlap, and the destination string dest must be
       large enough to receive the copy.  Beware of buffer overruns!  (See

       The strncpy() function is similar, except that at most n bytes of src
       are copied.  Warning: If there is no null byte among the first n
       bytes of src, the string placed in dest will not be null-terminated.

       If the length of src is less than n, strncpy() writes additional null
       bytes to dest to ensure that a total of n bytes are written.

       A simple implementation of strncpy() might be:

           char *
           strncpy(char *dest, const char *src, size_t n)
               size_t i;

               for (i = 0; i < n && src[i] != '\0'; i++)
                   dest[i] = src[i];
               for ( ; i < n; i++)
                   dest[i] = '\0';

               return dest;

RETURN VALUE         top

       The strcpy() and strncpy() functions return a pointer to the
       destination string dest.

ATTRIBUTES         top

       For an explanation of the terms used in this section, see

       │Interface           Attribute     Value   │
       │strcpy(), strncpy() │ Thread safety │ MT-Safe │

CONFORMING TO         top

       POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.

NOTES         top

       Some programmers consider strncpy() to be inefficient and error
       prone.  If the programmer knows (i.e., includes code to test!)  that
       the size of dest is greater than the length of src, then strcpy() can
       be used.

       One valid (and intended) use of strncpy() is to copy a C string to a
       fixed-length buffer while ensuring both that the buffer is not
       overflowed and that unused bytes in the destination buffer are zeroed
       out (perhaps to prevent information leaks if the buffer is to be
       written to media or transmitted to another process via an
       interprocess communication technique).

       If there is no terminating null byte in the first n bytes of src,
       strncpy() produces an unterminated string in dest.  If buf has length
       buflen, you can force termination using something like the following:

           if (buflen > 0) {
               strncpy(buf, str, buflen - 1);
               buf[buflen - 1]= '\0';

       (Of course, the above technique ignores the fact that, if src con‐
       tains more than buflen - 1 bytes, information is lost in the copying
       to dest.)

       Some systems (the BSDs, Solaris, and others) provide the following

           size_t strlcpy(char *dest, const char *src, size_t size);

       This function is similar to strncpy(), but it copies at most size-1
       bytes to dest, always adds a terminating null byte, and does not pad
       the destination with (further) null bytes.  This function fixes some
       of the problems of strcpy() and strncpy(), but the caller must still
       handle the possibility of data loss if size is too small.  The return
       value of the function is the length of src, which allows truncation
       to be easily detected: if the return value is greater than or equal
       to size, truncation occurred.  If loss of data matters, the caller
       must either check the arguments before the call, or test the function
       return value.  strlcpy() is not present in glibc and is not standard‐
       ized by POSIX, but is available on Linux via the libbsd library.

BUGS         top

       If the destination string of a strcpy() is not large enough, then
       anything might happen.  Overflowing fixed-length string buffers is a
       favorite cracker technique for taking complete control of the
       machine.  Any time a program reads or copies data into a buffer, the
       program first needs to check that there's enough space.  This may be
       unnecessary if you can show that overflow is impossible, but be
       careful: programs can get changed over time, in ways that may make
       the impossible possible.

SEE ALSO         top

       bcopy(3), memccpy(3), memcpy(3), memmove(3), stpcpy(3), stpncpy(3),
       strdup(3), string(3), wcscpy(3), wcsncpy(3)

COLOPHON         top

       This page is part of release 5.09 of the Linux man-pages project.  A
       description of the project, information about reporting bugs, and the
       latest version of this page, can be found at

GNU                              2019-03-06                        STRCPY(3)

Pages that refer to this page: bcopy(3)memccpy(3)memcpy(3)memmove(3)stpcpy(3)strcat(3)string(3)strncat(3)wcpcpy(3)wcscpy(3)feature_test_macros(7)signal-safety(7)