Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Comments on Is strcpy dangerous and what should be used instead?

Post

Is strcpy dangerous and what should be used instead?

+15
−0

I heard rumours that the strcpy function is dangerous and shouldn't be used. Supposedly it can be exploited to create buffer overflows somehow.

And indeed when I compile my C code in the admittedly non-conforming Visual Studio C compiler, it warns me about using strcpy among other functions, labelling it dangerous. Is it true?

If so, what should we use instead? Some rumours say that strncpy should be used instead, others like Microsoft tell me to use strcpy_s.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

2 comment threads

memcpy (2 comments)
General comments (1 comment)
memcpy
CPlus‭ wrote 8 months ago

Usually I use memcpy() if the length of the string is already known. This way the function does not need to constantly check for a null terminator.

Lundin‭ wrote 8 months ago

CPlus‭ Then you might agree with the posted answer... "memcpy is always preferred when you know the size in advance. It's always faster than strcpy. It is safe and portable."