LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 04-22-2011, 05:50 PM   #1
Laythe
LQ Newbie
 
Registered: Nov 2010
Posts: 18
Blog Entries: 1

Rep: Reputation: 0
What's The Best Practice for C-Style Stings?


Greetings EveryOne

I have searched the net for The Best Practice of C-Style Stings, but the examples i have found aren't sufficient.

Can someone please show me The Best Practice for C-Style Stings, or direct me to something i can read that shows in details the best practice.

Thanks In Advance
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 04-23-2011, 10:57 AM   #2
winning
Member
 
Registered: Apr 2011
Posts: 70

Rep: Reputation: 13
Could you provide some details regarding your understanding of "the best practice of c-style stings (sic)"? Concrete examples might help your LQ colleagues in helping you.

P.S.: I hope you do not mind that I am taking your thread off the zero-reply list but I hope this will prove to be benefical.
 
Old 04-23-2011, 11:27 AM   #3
ozanbaba
Member
 
Registered: May 2003
Location: Tengiz
Distribution: Slackware64 14.1
Posts: 671

Rep: Reputation: 94
Don't forget strings are not first class types in C. We just pretend they are
 
Old 04-23-2011, 01:43 PM   #4
Israfel2000
Member
 
Registered: May 2004
Location: Underground base in the mountains
Distribution: FreeBSD, Fedora, Ubuntu
Posts: 87
Blog Entries: 2

Rep: Reputation: 18
Strings are arrays of characters and have different functions like adding strings, finding the length of strings, and also checking to see if strings match. Here are a few examples:

Code:
strcmp()
strcmp will accept two strings. It will return an integer

Code:
strcat()
strcat is short for string concatenate, which means to add to the end, or append

Code:
strcpy()
strcpy is short for string copy, which means it copies the entire contents of 'src' into 'dest'.

Code:
strlen()
strlen will return the length of a string, minus the terminating character ('\0')

As for a better practice for c-strings; maybe there is or maybe there isn't.
I guess it depends on you.

If you want more info check the websites "http://cprogramming.com" and "http://www.programmersheaven.com" and there are more tutorials on strings on the Internet.

I hope I was helpful.
 
2 members found this post helpful.
Old 04-24-2011, 06:17 AM   #5
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,676

Rep: Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440
Quote:
best practices
Quote:
strcmp, strcat, strcpy
The best practice is to not use these functions. They don't take the string's length as a parameter, and therefore make it much more likely that your code will be vulnerable to buffer overflows. The functions to use instead are strncmp, strncat and strncpy.
 
Old 04-24-2011, 06:23 AM   #6
winning
Member
 
Registered: Apr 2011
Posts: 70

Rep: Reputation: 13
I'm curious to know how using strcmp instead of strncmp makes it more likely that one's code will be vulnerable to buffer overflows.
 
Old 04-24-2011, 06:32 AM   #7
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,676

Rep: Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440
You got me. I shouldn't have included strcmp in that list.
 
1 members found this post helpful.
Old 04-29-2011, 01:28 PM   #8
Laythe
LQ Newbie
 
Registered: Nov 2010
Posts: 18
Blog Entries: 1

Original Poster
Rep: Reputation: 0
Maybe i should rephrase my question, what's the best practice (the ideal practice) to not fall in the buffer overflows pitfall.

Thank You
 
Old 04-29-2011, 01:29 PM   #9
ozanbaba
Member
 
Registered: May 2003
Location: Tengiz
Distribution: Slackware64 14.1
Posts: 671

Rep: Reputation: 94
Use dynamic string library. There's several good ones, several bad ones.
 
0 members found this post helpful.
Old 04-29-2011, 02:02 PM   #10
Laythe
LQ Newbie
 
Registered: Nov 2010
Posts: 18
Blog Entries: 1

Original Poster
Rep: Reputation: 0
Quote:
There's several good ones, several bad ones.
what does that mean?
 
Old 04-29-2011, 02:32 PM   #11
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,676

Rep: Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440Reputation: 1440
Yeah, ozanbaba. What does that mean? Examples of good and bad ones (and why they're good or bad) please.

Also, I noticed that the question is about "C-style strings" and not "strings in C". C++ uses C-style strings by default. However, in C++ the best practice is to use the string class in their place whenever possible.

And to avoid the buffer overflow vulnerability, see post #5: prefer functions that take the string's length over those that don't.
 
Old 04-29-2011, 02:38 PM   #12
Telengard
Member
 
Registered: Apr 2007
Location: USA
Distribution: Kubuntu 8.04
Posts: 579
Blog Entries: 8

Rep: Reputation: 147Reputation: 147
Quote:
Originally Posted by dugan View Post
Yeah, ozanbaba. What does that mean? Examples of good and bad ones (and why they're good or bad) please.

Also, I noticed that the question is about "C-style strings" and not "strings in C". C++ uses C-style strings by default. However, in C++ the best practice is to use the string class in their place whenever possible.

And to avoid the buffer overflow vulnerability, see post #5: prefer functions that take the string's length over those that don't.
Please do go on. I'm learning more from each exchange

Edit
@OP
Thank you for your ambiguity. This thread is great so far.

Last edited by Telengard; 04-29-2011 at 02:42 PM.
 
Old 04-30-2011, 02:54 PM   #13
Israfel2000
Member
 
Registered: May 2004
Location: Underground base in the mountains
Distribution: FreeBSD, Fedora, Ubuntu
Posts: 87
Blog Entries: 2

Rep: Reputation: 18
I found this tutorial in "http://www.learncpp.com/cpp-tutorial/66-c-style-strings/. I only listed the most important content of the tutorial. Here it is:

Quote:
Buffers and buffer overflow

You can read text into a string using cin:

char szString[255];
cin >> szString;
cout << "You entered: " << szString << endl;

Why did we declare the string to be 255 characters long? The answer is that we don’t know how many characters the user is going to enter. We are using this array of 255 characters as a buffer. A buffer is memory set aside temporarily to hold data. In this case, we’re temporarily holding the user input before we write it out using cout.

If the user were to enter more characters than our array could hold, we would get a buffer overflow. A buffer overflow occurs when the program tries to store more data in a buffer than the buffer can hold. Buffer overflow results in other memory being overwritten, which usually causes a program crash, but can cause any number of other issues. By making our buffer 255 charaters long, we are guessing that the user will not enter this many characters. Although this is commonly seen in C/C++ programming, it is poor programming.

The recommended way of reading strings using cin is as follows:

char szString[255];
cin.getline(szString, 255);
cout << "You entered: " << szString << endl;

This call to cin.getline() will read up to 254 characters into szString (leaving room for the null terminator!). Any excess characters will be discarded. In this way, we guarantee that buffer overflow will not occur.
This should give you an insight of what are buffers and buffer overflows. Hopefully this would give you a clear idea on how to avoid buffer overflows. You can go to the site if you want to see the whole tutorial.

I hope I was helpful.
 
  


Reply

Tags
string


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Lubuntu: Floats Like a Butterfly, Stings Like a Bee LXer Syndicated Linux News 1 10-19-2009 02:18 AM
e.g., BSD style (Slackware) vs. SystemV style startup scripts haertig Slackware 5 01-03-2009 10:52 PM
Compiling kernel Debian style or Native style ? Raynus Debian 1 06-16-2008 06:56 AM
Stings question docetes Programming 3 03-20-2006 01:07 PM
VIM-style wrapping to OpenOffice style schmmd Linux - Software 1 12-21-2004 06:50 PM


All times are GMT -5. The time now is 11:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration