C string handling: Difference between revisions

Content deleted Content added

Inline

Revision as of 00:18, 7 September 2012

C string handling refers to a group of functions implementing operations on strings in the C standard library. Various operations, such as copying, concatenation, tokenization and searching are supported.

The only support in the C programming language itself for strings is that the compiler will translate a quoted string constant in the source into a null-terminated string stored in static memory.

However the standard C library provides a large number of functions designed to manipulate these null-terminated strings. These functions are so popular and used so often that they are usually considered part of the definition of C.

Definitions

A string is a contiguous sequence of characters terminated by and including the first null character (written '\0' and corresponding to the ASCII character NUL). In C, there are two types of strings: string, which is sometimes called byte string, and wide string.^[1] A byte string contains the type chars as code units (one char is at least 8 bits), whereas a wide string contains the type wchar_t as code units.

A common misconception is that all char arrays are strings, because string literals are converted to arrays during the compilation (or translation) phase.^[2] It is important to remember that a string ends at the first null character. An array or string literal that contains a null character before the last byte therefore contains a string, or possibly several strings, but is not itself a string.^[3] Conversely, it is possible to create a char array that is not null-terminated and is thus not a string. char is often used as integer when needing to save memory, for example when having an array of booleans.

The term pointer to a string is used in C to describe a pointer to the initial (lowest-addressed) byte of a string.^[1] In C, pointers are used to pass strings to functions. Documentation (including this page) will often use the term string to mean pointer to a string.

The term length of a string is used in C to describe the number of bytes preceding the null character.^[1] strlen is a standardised function commonly used to determine the length of a string.

Character encodings

Each string ends at the first occurrence of the null character of the appropriate kind (char or wchar_t). A null character is a character represented as a zero. Consequently, a byte string can contain non-NUL characters in ASCII or any ASCII extension, but not characters in encodings such as UTF-16 (even though a 16-bit code unit might be nonzero, its high or low byte might be zero). The encodings that can be stored in wide strings are defined by the width of wchar_t. In most implementations, wchar_t is at least 16 bits, and so all 16-bit encodings, such as UCS-2, can be stored. If wchar_t is 32-bits, then 32-bit encodings, such as UTF-32, can be stored.

Variable-width encodings can be used in both byte strings and wide strings. String length and offsets are measured in bytes or wchar_t, not in "characters", which can be confusing to beginning programmers. UTF-8 and Shift JIS are often used in C byte strings, while UTF-16 is often used in C wide strings when wchar_t is 16 bits. Truncating strings with variable length characters using functions like strncpy can produce invalid sequences at the end of the string. This can be unsafe if the truncated parts are interpreted by code that assumes the input is valid.

Support for Unicode literals such as char foo[512] = "φωωβαρ";(UTF-8) or wchar_t foo[512] = L"φωωβαρ"; (UTF-16 or UTF-32) is implementation defined,^[4] and may require that the source code be in the same encoding. Some compilers or editors will require entering all non-ASCII characters as \xNN sequences for each byte of UTF-8, and/or \uNNNN for each word of UTF-16.

Overview of functions

Most of the functions that operate on C strings are defined in the string.h (cstring header in C++). Functions that operate on C wide strings are defined in the wchar.h (cwchar header in C++). These headers also contain declarations of functions used for handling memory buffers; the name is thus something of a misnomer.

Functions declared in string.h are extremely popular since, as a part of the C standard library, they are guaranteed to work on any platform which supports C. However, some security issues exist with these functions, such as buffer overflows, leading programmers to prefer safer, possibly less portable variants, of which some popular ones are listed here. Some of these functions also violate const-correctness by accepting a const string pointer and returning a non-const pointer within the string. To correct this, some have been separated into two overloaded functions in the C++ version of the standard library.

In historical documentation the term "character" was often used instead of "byte" for C strings, which leads many to believe that these functions somehow do not work for UTF-8. In fact all lengths are defined as being in bytes and this is true in all implementations, and these functions work as well with UTF-8 as with any other byte encoding. The BSD documentation has been fixed to make this clear, but POSIX, Linux, and Windows documentation still uses "character" in many places where "byte" or "wchar_t" is the correct term.

Constants and types

Name	Notes
`NULL`	macro expanding to the null pointer constant; that is, a constant representing a pointer value which is guaranteed not to be a valid address of an object in memory.
`wchar_t`	type used for a code unit in a wide strings, usually either 16 or 32 bits.
`wint_t`	integer type that can hold any value of a wchar_t as well as the value of the macro WEOF. This type is unchanged by integral promotions. Usually a 32 bit signed value.
`mbstate_t`	contains all the information about the conversion state required from one call to a function to the other.

Functions

	Byte string	Wide string	Description^{[note 1]}
String manipulation	`strcpy`	`wcscpy`	copies one string to another
	`strncpy`	`wcsncpy`	writes exactly n bytes/`wchar_t`, copying from source or adding nulls
	`strcat`	`wcscat`	appends one string to another
	`strncat`	`wcsncat`	appends no more than n bytes/`wchar_t` from one string to another
	`strxfrm`	`wcsxfrm`	transforms a string according to the current locale
String examination	`strlen`	`wcslen`	returns the length of the string
	`strcmp`	`wcscmp`	compares two strings
	`strncmp`	`wcsncmp`	compares a specific number of bytes/`wchar_t` in two strings
	`strcoll`	`wcscoll`	compares two strings according to the current locale
	`strchr`	`wcschr`	finds the first occurrence of a byte/`wchar_t` in a string
	`strrchr`	`wcsrchr`	finds the last occurrence of a byte/`wchar_t` in a string
	`strspn`	`wcsspn`	finds in a string the first occurrence of a byte/`wchar_t` not in a set
	`strcspn`	`wcscspn`	finds in a string the last occurrence of a byte/`wchar_t` not in a set
	`strpbrk`	`wcspbrk`	finds in a string the first occurrence of a byte/`wchar_t` in a set
	`strstr`	`wcsstr`	finds the first occurrence of a substring in a string
	`strtok`	`wcstok`	splits string into tokens
Miscellaneous	`strerror`	—	returns a string containing a message derived from an error code
Memory manipulation	`memset`	`wmemset`	fills a buffer with a repeated byte/`wchar_t`
	`memcpy`	`wmemcpy`	copies one buffer to another
	`memmove`	`wmemmove`	copies one buffer to another, possibly overlapping, buffer
	`memcmp`	`wmemcmp`	compares two buffers
	`memchr`	`wmemchr`	finds the first occurrence of a byte/`wchar_t` in a buffer
^ Here string refers either to byte string or wide string

Multibyte functions

Name	Description
`mblen`	returns the number of bytes in the next multibyte character
`mbtowc`	converts the next multibyte character to a wide character
`wctomb`	converts a wide character to its multibyte representation
`mbstowcs`	converts a multibyte string to a wide string
`wcstombs`	converts a wide string to a multibyte string
`btowc`	convert a single-byte character to wide character, if possible
`wctob`	convert a wide character to a single-byte character, if possible
`mbsinit`	checks if a state object represents initial state
`mbrlen`	returns the number of bytes in the next multibyte character, given state
`mbrtowc`	converts the next multibyte character to a wide character, given state
`wcrtomb`	converts a wide character to its multibyte representation, given state
`mbsrtowcs`	converts a multibyte string to a wide string, given state
`wcsrtombs`	converts a wide string to a multibyte string, given state

"state" is used by encodings that rely on history such as shift states. This is not needed by UTF-8 or UTF-32. UTF-16 uses them to keep track of surrogate pairs and to hide the fact that it actually is a multi-word encoding.

Numeric conversions

The C standard library contains several functions for numeric conversions. The functions that deal with byte strings are defined in the stdlib.h header (cstdlib header in C++). The functions that deal with wide strings are defined in the wchar.h header (cwchar header in C++). Note that the strtoxxx functions are not const-correct, since they accept a const string pointer and return a non-const pointer within the string.

Byte string	Wide string	Description^{[note 1]}
`atof`	—	converts a string to a floating-point value
`atoi` `atol` `atoll`	—	converts a string to an integer (C99)
`strtof`(C99) `strtod` `strtold`(C99)	`wcstof`(C99) `wcstod` `wcstold`(C99)	converts a string to a floating-point value
`strtol` `strtoll`	`wcstol` `wcstoll`	converts a string to a signed integer
`strtoul` `strtoull`	`wcstoul` `wcstoull`	converts a string to an unsigned integer
^ Here string refers either to byte string or wide string

Popular extensions

memccpy - SVID, POSIX - copies up to specified number of bytes between two memory areas, which must not overlap, stopping when a given byte is found.
mempcpy - GNU - a variant of memcpy returning a pointer to the byte following the last written byte
strcat_s - C (2011) and ISO/IEC WDTR 24731 - a variant of strcat that checks the destination buffer size before copying
strcpy_s - C (2011) and ISO/IEC WDTR 24731 - a variant of strcpy that checks the destination buffer size before copying
strdup - POSIX - allocates and duplicates a string
strerror_r - POSIX 1, GNU - a variant of strerror that is thread-safe. GNU version is incompatible with POSIX one.
strlcpy - BSD - a variant of strcpy that truncates the result to fit in the destination buffer^[5]
strlcat - BSD - a variant of strcat that truncates the result to fit in the destination buffer^[5]
strsignal - POSIX:2008 - returns string representation of a signal code. Not thread safe.
strtok_r - POSIX - a variant of strtok that is thread-safe

Criticism

Despite the well-established need to replace strcat and strcpy with functions that do not overflow buffers, no accepted standard has arisen. Partly this is due to the mistaken belief by many C programmers that strncat and strncpy have the desired behavior (neither function was designed for this and the behavior and arguments are non-intuitive and often written incorrectly even by expert programmers^[5]).

strcat_s and strcpy_s are defined in the C 11 (Annex K), and in ISO/IEC WDTR 24731. An error indicator is returned on buffer overflow and the output buffer is set to a zero-length string (which destroys data in the case of strcpy_s). These functions attracted considerable criticism because they are currently supported only by Microsoft Visual C++. Warning messages produced by Microsoft's compilers suggesting programmers use these functions instead of standard ones have been speculated by some to be a Microsoft attempt to lock developers to its platform.^[6]^[7]^[8]

The more popular strlcat and strlcpy have been criticised on the basis that they encourage use of C strings and thus create more problems than they solve^[9] and for lacking documentation.^[10] Consequently they have not been included in the GNU C library (used by software on Linux), although they are implemented in OpenBSD, FreeBSD, Solaris, Mac OS X, QNX, and even internally in the Linux kernel.

References

^ ^a ^b ^c "The C99 standard draft + TC3" (PDF). §7.1.1p1. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link)
^ "The C99 standard draft + TC3" (PDF). §6.4.5p7. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link)
^ "The C99 standard draft + TC3" (PDF). Section 6.4.5 footnote 66. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link)
^ "The C99 standard draft + TC3" (PDF). §5.1.1.2 Translation phases, p1. Retrieved 23 December 2011.{{cite web}}: CS1 maint: location (link)
^ ^a ^b ^c Todd C. Miller (1999). "strlcpy and strlcat - consistent, safe, string copy and concatenation". USENIX '99. {{cite web}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
^ Danny Kalev. "They're at it again". InformIT. Retrieved 10 November 2011.
^ "Security Enhanced CRT, Safer Than Standard Library?". Retrieved 10 November 2011.
^ Danny Kalev. "A Tour of C1X, Part II". InformIT. Retrieved 6 April 2012.
^ libc-alpha mailing list, selected messages from 8 August 2000 thread: 53, 60, 61
^ Antill, James. "Security with string APIs: Security relevant things to look for in a string library API". Retrieved 10 November 2011.

[5] Here string refers either to byte string or wide string

[6] Here string refers either to byte string or wide string

[open-std1-1] "The C99 standard draft + TC3" (PDF). §7.1.1p1. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link)

[2] "The C99 standard draft + TC3" (PDF). §6.4.5p7. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link)

[3] "The C99 standard draft + TC3" (PDF). Section 6.4.5 footnote 66. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link)

[open-std-4] "The C99 standard draft + TC3" (PDF). §5.1.1.2 Translation phases, p1. Retrieved 23 December 2011.{{cite web}}: CS1 maint: location (link)

[strl-7] Todd C. Miller (1999). "strlcpy and strlcat - consistent, safe, string copy and concatenation". USENIX '99. {{cite web}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)

[8] Danny Kalev. "They're at it again". InformIT. Retrieved 10 November 2011.

[9] "Security Enhanced CRT, Safer Than Standard Library?". Retrieved 10 November 2011.

[10] Danny Kalev. "A Tour of C1X, Part II". InformIT. Retrieved 6 April 2012.

[libc-alpha-discussion-1-11] -alpha mailing list, selected messages from 8 August 2000 thread: 53, 60, 61

[12] Antill, James. "Security with string APIs: Security relevant things to look for in a string library API". Retrieved 10 November 2011.

[1]

[2]

[3]

[4]

[note 1]

[note 1]

[5]

[6]

[7]

[8]

[9]

[10]

@@ Line 9: / Line 9: @@
 == Definitions==
-A string is a contiguous sequence of characters terminated by and including the first null character (written <code>'\0'</code> and corresponding to the ASCII character NUL). In C, there are two types of strings: '''string''', which is sometimes called '''byte string''', and '''wide string'''.<ref name="open-std1">{{cite web |title=The C99 standard draft + TC3 |url=http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf |accessdate=7 January 2011 |location=§7.1.1p1 }}</ref> A byte string contains the type <code>char</code>s as code units (one <code>char</code> is one byte), whereas a wide string contains the type <code>wchar_t</code> as code units.
+A string is a contiguous sequence of characters terminated by and including the first null character (written <code>'\0'</code> and corresponding to the ASCII character NUL). In C, there are two types of strings: '''string''', which is sometimes called '''byte string''', and '''wide string'''.<ref name="open-std1">{{cite web |title=The C99 standard draft + TC3 |url=http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf |accessdate=7 January 2011 |location=§7.1.1p1 }}</ref> A byte string contains the type <code>char</code>s as code units (one <code>char</code> is at least 8 bits), whereas a wide string contains the type <code>wchar_t</code> as code units.
 A common misconception is that all <code>char</code> arrays are strings, because string literals are converted to arrays during the compilation (or translation) phase.<ref>{{cite web |title=The C99 standard draft + TC3 |url=http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf |accessdate=7 January 2011 |location=§6.4.5p7 }}</ref> It is important to remember that a string '''ends''' at the first null character. An array or string literal that contains a null character before the last byte therefore ''contains'' a string, or possibly several strings, but is not itself a string.<ref>{{cite web |title=The C99 standard draft + TC3 |url=http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf |accessdate=7 January 2011 |location=Section 6.4.5 footnote 66 }}</ref> Conversely, it is possible to create a <code>char</code> array that is not null-terminated and is thus not a string. <code>char</code> is often used as integer when needing to save memory, for example when having an array of booleans.