"C + + primer daily Brush Eight" of the eight C-style strings

 

4.3 C-style strings

Although C + + is supported with a style string, this type should not be used in C + + programs. C-style strings often bring many errors and are the root cause of a large number of security problems.

The first time we used string literals and learned that the type of string literals is an array of character constants, it is now clearer to realize that the type of string literals is an array of const char types. A common structure that C + + inherits from the C language is a C-style string, and the string literal is an instance of that type. In fact, a C-style string cannot be precisely attributed to the C language type, nor to the C + + language type, but to the null-terminated character array:

Char ca1[] = {' C ', ' + ', ' + '}; No Null,not C-style

String

Char ca2[] = {' C ', ' + ', ' + ', ' + '}; Explicit null

Char ca3[] = "C + +"; Nullterminator added automatically

const char *CP = "C + +"; Nullterminator added automatically

char *CP1 = CA1; Points to first elementof a array, and not C-style string

char *cp2 = CA2; Points to first elementof a null-terminated char array

CA1 and CP1 are not C-style strings: CA1 is an array of characters with no terminator null, and the pointer cp1 points to CA1, so it points to an array that is not null-terminated. Other declarations are C-style strings, and the name of the array is a pointer to the first element of the array. As a result, Ca2 and CA3 are pointers to the first element of the respective array, respectively.

use of C-style strings

A C-style string is manipulated by the C + + language through a pointer to the (const) char* type. In general, we use the arithmetic operations of pointers to traverse a C-style string, test the pointer each time and increment 1 until the Terminator is reached null:

const char *CP = "some value";

while (*CP)

{

Do something to *CP

++CP;

}

The loop condition of the while statement is to dereference the const char* type pointer CP and determine whether the current character pointed by the CP is a true or false value. The truth value indicates that this is any character except NULL, and the loop continues until the CP points to null for the end character array.

While the loop body finishes the necessary processing, the CP plus 1 moves the pointer down to the next character in the array.

If the character array pointed to by the CP does not have a null terminator, the loop will fail. At this point, the loop starts reading from the point where the CP is pointing until it encounters a null terminator somewhere in memory.

Standard library functions for C-style strings

The table lists the library functions provided by the C language standard library for handling C-style strings. To

Using these standard library functions, you must include the corresponding C header file:

CString is a C + + version of the string.h header file, while String.h is a C language

Standard library.

These standard library functions do not check their string parameters.

Table 4.1. Standard library functions for manipulating C-style strings

Strlen (s) returns the length of S, excluding the string terminator null

strcmp (S1, S2) compares two strings S1 and S2 are the same. If the S1 is equal to S2, return

Return 0 if S1 is greater than S2, returns a positive number, or negative if S1 is less than S2

Number

strcat (S1, S2) connects the string S2 to S1 and returns S1

strcpy (s1, s2) copies S2 to S1 and returns S1

Strncat (s1,s2,n) Connect prompt the first n characters of S2 back to S1 and returns S1

strncpy (S1,S2, N) copies the first n characters of S2 to S1 and returns S1

#include <cstring>

Pointers passed to these standard library function routines must have a non-0 value, and point to the first element in an array of null-terminated characters. Some of these standard library functions modify the string that is passed to it, assuming that the string they are modifying has enough space to receive the newly generated character of the function, and the programmer must ensure that the target string must be large enough.

The C + + language provides common relational operators to implement comparisons of objects of the standard library type string. These operators can also be used to compare pointers to C-style strings, but the effect is quite different: in fact, the address values placed on the pointer are compared instead of the string they point to:

if (CP1 < CP2)//compares addresses,not the values pointed to

If CP1 and Cp2 point to an element in the same array (or an overflow position of the array), the table above

Equivalent to comparing addresses stored in CP1 and CP2; if the two pointers point to a different number

Group, the comparison implemented by the expression is not defined.

The comparison of strings and the interpretation of comparison results must be performed using the standard library function strcmp:

const char *CP1 = "A stringexample";

const char *CP2 = "A differentstring";

int i = strcmp (CP1, CP2); I is positive

i = strcmp (CP2, CP1); I is negative

i = strcmp (CP1, CP1); I is zero

The standard library function strcmp has 3 possible return values: If two strings are equal, 0 is returned.

A positive value if the first string is greater than the second string, otherwise a negative number is returned.

Never forget the string terminator null

When using standard library functions that handle C-style strings, remember that the string must be null with a terminator

End:

Char ca[] = {' C ', ' + ', ' + '}; notnull-terminated

cout << strlen (CA) << Endl; DISASTER:CA isn ' t

null-terminated

In this example, theCA is an array of characters with no null terminator, and the result of the calculation is not

can be expected. The standard library function strlen always assumes that its argument string ends with a null character when called

The standard library function, the system will start the search terminator with the memory space pointed to by the CA,

Until you encounter null exactly. Strlen returns the total number of characters in this memory space, without a

On how this value cannot be correct.

the caller must ensure that the target string is of sufficient size

The first real parameter group passed to the standard library functions strcat and strcpy must have a large enough

Space to store the newly generated string. While the following code demonstrates a common use, it has a latent

In the Critical error:

Dangerous:what happens if wemiscalculate the size of largestr?

Char largestr[16 + 18 + 2]; Would holdcp1 a space and CP2

strcpy (Largestr, CP1); Copies CP1 Intolargestr

strcat (Largestr, ""); Adds aspace at end of Largestr

strcat (Largestr, CP2); Concatenates cp2to Largestr

Prints a string example a differentstring

cout << largestr << Endl;

The problem is that we often get the wrong size largestr need. Similarly, if the size of the string that CP1 or cp2 points to has changed, the size required by LARGESTR will be evaluated incorrectly. Unfortunately , programs similar to the code above are widely used, and such programs tend to be error-prone and lead to severe security breaches.

handling C-style strings using the STRN function

If you must use a C-style string, use standard library functions strncat and strncpy

strcat and strcpy functions are more secure :

Char largestr[16 + 18 + 2]; To hold Cp1a space and CP2

strncpy (Largestr, CP1, 17); Size to copyincludes the null

Strncat (Largestr, "", 2); Pedantic, but a good habit

Strncat (Largestr, CP2, 19); Adds at most18 characters, plus a null

The trick to using standard library functions Strncat and strncpy is that you can control the number of characters you copy appropriately. Especially when copying and concatenating strings, always remember to count the Terminator null. Remember to reserve space for null characters when defining strings, because you must end the string Largestr each time a standard library function is called. Let's take a detailed look at the invocation of these standard library functions:

? When calling strncpy, it is required to copy 17 characters: All characters in the string CP1, plus the Terminator null. It is necessary to leave the space of the storage terminator null so that the LARGESTR can end correctly. After calling strncpy, the length strlen value of the string largestr is 16.

Remember: the standard library function strlen is used to calculate the number of characters in a C-style string, excluding the null terminator.

? When calling Strncat, it is required to copy 2 characters: a space and null to end the string literal. After the call ends, the length of the string largestr is 17, the null used to end the LARGESTR is overwritten with the newly added space, and the new Terminator Null is written after the space.

? The second call to Strncat string CP2 requires that all characters in the CP2 be copied, including the string terminator null. At the end of the call, the length of the string largestr is 35:CP1 16 characters and the CP2 18 characters, plus a space separating the two strings.

Throughout the entire process, the array size of the storage largestr always remains at 36 (including The Terminator). As long as the value of the size argument can be computed correctly, it is more secure to use the STRN version than a simplified version without a size parameter. However, if you are copying or stringing more characters than its size to the target array, the array overflow behavior will still occur. If the string to be copied or threaded is larger than the actual size to be copied or threaded, we inadvertently truncate the newly generated string. Truncating a string is safer than an array overflow, but this is still wrong.

Use the standard library type string whenever possible

If you use the C + + standard library type string, there is no such problem:

string largestr = CP1; Initialize LARGESTR as a copy of CP1

Largestr + = ""; Add Space atend of LARGESTR

Largestr + = CP2; Concatenate cp2 Ontoend of Largestr

At this point, the standard library is responsible for handling all memory management issues, and we don't have to worry about the size of each time the string is modified. For most applications, using the standard library type string, in addition to enhancing security, is also more efficient, so you should avoid using C-style strings as much as possible.

"C + + primer daily Brush Eight" of the eight C-style strings