Thread: Warning Messages with the strcpy, strcat and strlen functions

Hello, I am having error messages when using the above functions in linux mint 17. Here is my code and the terminal message.

Code:

#include<stdio.h>

main()
{

char name[16];
char string2[40];
int length;

strcpy(name, "Mark");
strcpy(string2, "My name is ");
strcat(string2, name);
strcat(string2, "\n");

printf(string2);
length = strlen(string2);
printf("The length of this string >>%s<< is %d characters \n", string2, length);

return 0;

}

[Result]
gs_2.c
strings_2.c: In function ‘main’:
strings_2.c:10:1: warning: incompatible implicit declaration of built-in function ‘strcpy’ [enabled by default]
strcpy(name, "Mark");
^
strings_2.c:12:1: warning: incompatible implicit declaration of built-in function ‘strcat’ [enabled by default]
strcat(string2, name);
^
strings_2.c:15:1: warning: format not a string literal and no format arguments [-Wformat-security]
printf(string2);
^
strings_2.c:16:10: warning: incompatible implicit declaration of built-in function ‘strlen’ [enabled by default]
length = strlen(string2);
^
[/Result]

Thanks in advance for your help:

Also, while it may seem a bit difficult now, it is a lot safer to forget about strcpy and strcat and use their friends - strncpy and strncat. While big strings can mitigate the problem, the versions that do not take a count of characters can and will try to copy more stuff than you have space for.

Code:

    char name[16];
    char string2[40];
   
    int used = 0;
    int length = 0;
    strncpy(name, "Mark", sizeof name - 1);
    strncpy(string2, "My name is ", sizeof string2 - 1);
    used = strlen(string2);
    if (strlen(name) + used < sizeof string2)
    {
       strncat(string2, name, sizeof string2 - used - 1);
       length = strlen(string2);
       printf("The length of this string >>%s<< is %d characters \n", string2, length);
    }
    else
    {
       /* string2 may be truncated! */
    }

This tip is especially important for user input that you glue into a string, and - though it may seem like a lot of work - it is basic safety.

@whiteflags, name and string2 are not necessarily null-terminated in your example (they happen to be due to the length of the strings, but that's not the point). Perhaps:

Code:

char name[16] = {0};
char string2[40] = {0};

Originally Posted by algorism

@whiteflags, name and string2 are not necessarily null-terminated in your example (they happen to be due to the length of the strings, but that's not the point). Perhaps:

Code:

char name[16] = {0};
char string2[40] = {0};

That is true. As a matter of fact, I tend to use strncat() for copying into an empty C string, rather than using strncpy() at all, as the result will always be terminated.

Code:

char name[16];
size_t capacity = sizeof name - 1;
/* Regardless of name's initialization, you can do the following: */
name[0] = '\0';
strncat(name, "Mark", capacity);

As you demonstrated, there is no reason strncpy() can't work, so I tend not to push my personal habits.

Thanks very much for your tips. They have been very helpful.