• Images
• Videos
• Documents
• Books
• Articles

Definitions

A string is defined as a contiguous sequence of code units terminated by the first zero code unit (often called the NUL code unit).¹ This means a string cannot contain the zero code unit, as the first one seen marks the end of the string. The length of a string is the number of code units before the zero code unit.² The memory occupied by a string is always one more code unit than the length, as space is needed to store the zero terminator.

Generally, the term string means a string where the code unit is of type char, which is exactly 8 bits on all modern machines. C90 defines wide strings³ which use a code unit of type wchar_t, which is 16 or 32 bits on modern machines. This was intended for Unicode but it is increasingly common to use UTF-8 in normal strings for Unicode instead.

Strings are passed to functions by passing a pointer to the first code unit. Since char * and wchar_t * are different types, the functions that process wide strings are different than the ones processing normal strings and have different names.

String literals ("text" in the C source code) are converted to arrays during compilation.⁴ The result is an array of code units containing all the characters plus a trailing zero code unit. In C90 L"text" produces a wide string. A string literal can contain the zero code unit (one way is to put \0 into the source), but this will cause the string to end at that point. The rest of the literal will be placed in memory (with another zero code unit added to the end) but it is impossible to know those code units were translated from the string literal, therefore such source code is not a string literal.⁵

Character encodings

Each string ends at the first occurrence of the zero code unit of the appropriate kind (char or wchar_t). Consequently, a byte string (char*) can contain non-NUL characters in ASCII or any ASCII extension, but not characters in encodings such as UTF-16 (even though a 16-bit code unit might be nonzero, its high or low byte might be zero). The encodings that can be stored in wide strings are defined by the width of wchar_t. In most implementations, wchar_t is at least 16 bits, and so all 16-bit encodings, such as UCS-2, can be stored. If wchar_t is 32-bits, then 32-bit encodings, such as UTF-32, can be stored. (The standard requires a "type that holds any wide character", which on Windows no longer holds true since the UCS-2 to UTF-16 shift. This was recognized as a defect in the standard and fixed in C++.)⁶ C++11 and C11 add two types with explicit widths char16_t and char32_t.⁷

Variable-width encodings can be used in both byte strings and wide strings. String length and offsets are measured in bytes or wchar_t, not in "characters", which can be confusing to beginning programmers. UTF-8 and Shift JIS are often used in C byte strings, while UTF-16 is often used in C wide strings when wchar_t is 16 bits. Truncating strings with variable-width characters using functions like strncpy can produce invalid sequences at the end of the string. This can be unsafe if the truncated parts are interpreted by code that assumes the input is valid.

Support for Unicode literals such as char foo[512] = "φωωβαρ"; (UTF-8) or wchar_t foo[512] = L"φωωβαρ"; (UTF-16 or UTF-32, depends on wchar_t) is implementation defined,⁸ and may require that the source code be in the same encoding, especially for char where compilers might just copy whatever is between the quotes. Some compilers or editors will require entering all non-ASCII characters as \xNN sequences for each byte of UTF-8, and/or \uNNNN for each word of UTF-16. Since C11 (and C++11), a new literal prefix u8 is available that guarantees UTF-8 for a bytestring literal, as in char foo[512] = u8"φωωβαρ";.⁹ Since C++20 and C23, a char8_t type was added that is meant to store UTF-8 characters and the types of u8 prefixed character and string literals were changed to char8_t and char8_t[] respectively.

Features

Terminology

In historical documentation the term "character" was often used instead of "byte" for C strings, which leads many[who?] to believe that these functions somehow do not work for UTF-8. In fact all lengths are defined as being in bytes and this is true in all implementations, and these functions work as well with UTF-8 as with single-byte encodings. The BSD documentation has been fixed to make this clear, but POSIX, Linux, and Windows documentation still uses "character" in many places where "byte" or "wchar_t" is the correct term.

Functions for handling memory buffers can process sequences of bytes that include null-byte as part of the data. Names of these functions typically start with mem, as opposite to the str prefix.

Headers

Most of the functions that operate on C strings are declared in the string.h header (cstring in C++), while functions that operate on C wide strings are declared in the wchar.h header (cwchar in C++). These headers also contain declarations of functions used for handling memory buffers; the name is thus something of a misnomer.

Functions declared in string.h are extremely popular since, as a part of the C standard library, they are guaranteed to work on any platform which supports C. However, some security issues exist with these functions, such as potential buffer overflows when not used carefully and properly, causing the programmers to prefer safer and possibly less portable variants, out of which some popular ones are listed below. Some of these functions also violate const-correctness by accepting a const string pointer and returning a non-const pointer within the string. To correct this, some have been separated into two overloaded functions in the C++ version of the standard library.

Constants and types

Functions

Multibyte functions

These functions all need a <016 style="padding-left:0.4em; padding-right:0.4em; color:var( --color-subtle, #666666);">mbstate_t object, originally in static memory (making the functions not be thread-safe) and in later additions the caller must maintain. This was originally intended to track shift states in the <016 style="padding-left:0.4em; padding-right:0.4em; color:var( --color-subtle, #666666);">mb encodings, but modern ones such as UTF-8 do not need this. However these functions were designed on the assumption that the <016 style="padding-left:0.4em; padding-right:0.4em; color:var( --color-subtle, #666666);">wc encoding is not a variable-width encoding and thus are designed to deal with exactly one <016 style="padding-left:0.4em; padding-right:0.4em; color:var( --color-subtle, #666666);">wchar_t at a time, passing it by value rather than using a string pointer. As UTF-16 is a variable-width encoding, the <016 style="padding-left:0.4em; padding-right:0.4em; color:var( --color-subtle, #666666);">mbstate_t has been reused to keep track of surrogate pairs in the wide encoding, though the caller must still detect and call <016 style="padding-left:0.4em; padding-right:0.4em; color:var( --color-subtle, #666666);">mbtowc twice for a single character.⁸⁶⁸⁷⁸⁸ Later additions to the standard admit that the only conversion programmers are interested in is between UTF-8 and UTF-16 and directly provide this.

Numeric conversions

The C standard library contains several functions for numeric conversions. The functions that deal with byte strings are defined in the stdlib.h header (cstdlib header in C++). The functions that deal with wide strings are defined in the wchar.h header (cwchar header in C++).

The functions strchr, bsearch, strpbrk, strrchr, strstr, memchr and their wide counterparts are not const-correct, since they accept a const string pointer and return a non-const pointer within the string. This has been fixed in C23.¹⁰²

Also, since the Normative Amendment 1 (C95), atoxx functions are considered subsumed by strtoxxx functions, for which reason neither C95 nor any later standard provides wide-character versions of these functions. The argument against atoxx is that they do not differentiate between an error and a 0.¹⁰³

Popular extensions

Replacements

Despite the well-established need to replace strcat¹²⁰ and strcpy¹²¹ with functions that do not allow buffer overflows, no accepted standard has arisen. This is partly due to the mistaken belief by many C programmers that strncat and strncpy have the desired behavior; however, neither function was designed for this (they were intended to manipulate null-padded fixed-size string buffers, a data format less commonly used in modern software), and the behavior and arguments are non-intuitive and often written incorrectly even by expert programmers.¹²²

The most popular¹²³ replacement are the strlcat¹²⁴ and strlcpy¹²⁵ functions, which appeared in OpenBSD 2.4 in December, 1998.¹²⁶ These functions always write one NUL to the destination buffer, truncating the result if necessary, and return the size of buffer that would be needed, which allows detection of the truncation and provides a size for creating a new buffer that will not truncate. For a long time they have not been included in the GNU C library (used by software on Linux), on the basis of allegedly being inefficient,¹²⁷ encouraging the use of C strings (instead of some superior alternative form of string),¹²⁸¹²⁹ and hiding other potential errors.¹³⁰¹³¹ Even while glibc hadn't added support, strlcat and strlcpy have been implemented in a number of other C libraries including ones for OpenBSD, FreeBSD, NetBSD, Solaris, OS X, and QNX, as well as in alternative C libraries for Linux, such as libbsd, introduced in 2008,¹³² and musl, introduced in 2011,¹³³¹³⁴ and the source code added directly to other projects such as SDL, GLib, ffmpeg, rsync, and even internally in the Linux kernel. This did change in 2024, the glibc FAQ notes that as of glibc 2.38, the code has been committed ¹³⁵ and thereby added.¹³⁶ These functions were standardized as part of POSIX.1-2024,¹³⁷ the Austin Group Defect Tracker ID 986 tracked some discussion about such plans for POSIX.

Sometimes memcpy¹³⁸ or memmove¹³⁹ are used, as they may be more efficient than strcpy as they do not repeatedly check for NUL (this is less true on modern processors). Since they need a buffer length as a parameter, correct setting of this parameter can avoid buffer overflows.

As part of its 2004 Security Development Lifecycle, Microsoft introduced a family of "secure" functions including strcpy_s and strcat_s (along with many others).¹⁴⁰ These functions were standardized with some minor changes as part of the optional C11 (Annex K) proposed by ISO/IEC WDTR 24731.¹⁴¹ These functions perform various checks including whether the string is too long to fit in the buffer. If the checks fail, a user-specified "runtime-constraint handler" function is called,¹⁴² which usually aborts the program.¹⁴³¹⁴⁴ These functions attracted considerable criticism because initially they were implemented only on Windows and at the same time warning messages started to be produced by Microsoft Visual C++ suggesting use of these functions instead of standard ones. This has been speculated by some to be an attempt by Microsoft to lock developers into its platform.¹⁴⁵ Experience with these functions has shown significant problems with their adoption and errors in usage, so the removal of Annex K was proposed for the next revision of the C standard.¹⁴⁶ Usage of memset_s has been suggested as a way to avoid unwanted compiler optimizations.¹⁴⁷¹⁴⁸

See also

• C syntax § Strings – source code syntax, including backslash escape sequences
• String functions
• Perl Compatible Regular Expressions (PCRE)

Notes

External links

• Fast memcpy in C, multiple C coding examples to target different types of CPU instruction architectures

References

1. "The C99 standard draft + TC3" (PDF). §7.1.1p1. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf ↩

2. "The C99 standard draft + TC3" (PDF). §7.1.1p1. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf ↩

3. "The C99 standard draft + TC3" (PDF). §7.1.1p1. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf ↩

4. "The C99 standard draft + TC3" (PDF). §6.4.5p7. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf ↩

5. "The C99 standard draft + TC3" (PDF). Section 6.4.5 footnote 66. Retrieved 7 January 2011.{{cite web}}: CS1 maint: location (link) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf ↩

6. "Relax requirements on wchar_t to match existing practices" (PDF). https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2022/p2460r2.pdf ↩

7. "Fundamental types". en.cppreference.com. https://en.cppreference.com/w/cpp/language/types ↩

8. "The C99 standard draft + TC3" (PDF). §5.1.1.2 Translation phases, p1. Retrieved 23 December 2011.{{cite web}}: CS1 maint: location (link) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf ↩

9. "string literals". en.cppreference.com. Retrieved 23 December 2019. https://en.cppreference.com/w/c/language/string_literal ↩

10. "c++ - What is the use of wchar_t in general programming?". Stack Overflow. Retrieved 1 August 2022. https://stackoverflow.com/questions/13509733/what-is-the-use-of-wchar-t-in-general-programming ↩

11. "stddef.h - standard type definitions". The Open Group. Retrieved 28 January 2017. https://pubs.opengroup.org/onlinepubs/007908775/xsh/stddef.h.html ↩

12. Gillam, Richard (2003). Unicode Demystified: A Practical Programmer's Guide to the Encoding Standard. Addison-Wesley Professional. p. 714. ISBN 9780201700527. 9780201700527 ↩

13. "char, wchar_t, char8_t, char16_t, char32_t". docs.microsoft.com. Retrieved 1 August 2022. https://docs.microsoft.com/en-us/cpp/cpp/char-wchar-t-char16-t-char32-t ↩

14. "char8_t". https://en.cppreference.com/w/c/string/multibyte/char8_t ↩

15. " (uchar.h)". https://cplusplus.com/reference/cuchar/ ↩

16. "char16_t". https://en.cppreference.com/w/c/string/multibyte/char16_t ↩

17. "Replacing text macros". https://en.cppreference.com/w/c/preprocessor/replace#Predefined_macros ↩

18. "Fundamental types". https://en.cppreference.com/w/cpp/language/types#Character_types ↩

19. " (uchar.h)". https://cplusplus.com/reference/cuchar/ ↩

20. "char32_t". https://en.cppreference.com/w/c/string/multibyte/char32_t ↩

21. "Replacing text macros". https://en.cppreference.com/w/c/preprocessor/replace#Predefined_macros ↩

22. "Fundamental types". https://en.cppreference.com/w/cpp/language/types#Character_types ↩

23. For wide string functions substitute wchar_t for "byte" in the description ↩

24. "strcpy - cppreference.com". En.cppreference.com. 2 January 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strcpy ↩

25. "wcscpy - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcscpy ↩

26. "strncpy - cppreference.com". En.cppreference.com. 4 October 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strncpy ↩

27. "wcsncpy - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcsncpy ↩

28. "strcat - cppreference.com". En.cppreference.com. 8 October 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strcat ↩

29. "wcscat - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcscat ↩

30. "strncat - cppreference.com". En.cppreference.com. 1 July 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strncat ↩

31. "wcsncat - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcsncat ↩

32. "strxfrm - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strxfrm ↩

33. "wcsxfrm - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcsxfrm ↩

34. "strlen - cppreference.com". En.cppreference.com. 27 December 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strlen ↩

35. "wcslen - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcslen ↩

36. "strcmp - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strcmp ↩

37. "wcscmp - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcscmp ↩

38. "strncmp - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strncmp ↩

39. "wcsncmp - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcsncmp ↩

40. "strcoll - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strcoll ↩

41. "wcscoll - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcscoll ↩

42. "strchr - cppreference.com". En.cppreference.com. 23 February 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strchr ↩

43. "wcschr - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcschr ↩

44. "strrchr - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strrchr ↩

45. "wcsrchr - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcsrchr ↩

46. "strspn - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strspn ↩

47. "wcsspn - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcsspn ↩

48. "strcspn - cppreference.com". En.cppreference.com. 31 May 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strcspn ↩

49. "wcscspn - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcscspn ↩

50. "strpbrk - cppreference.com". En.cppreference.com. 31 May 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strpbrk ↩

51. "wcspbrk - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcspbrk ↩

52. "strstr - cppreference.com". En.cppreference.com. 16 October 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strstr ↩

53. "wcsstr - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcsstr ↩

54. "strtok - cppreference.com". En.cppreference.com. 3 September 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strtok ↩

55. "wcstok - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcstok ↩

56. "strerror - cppreference.com". En.cppreference.com. 31 May 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strerror ↩

57. "memset - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/memset ↩

58. "wmemset - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wmemset ↩

59. "memcpy - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/memcpy ↩

60. "wmemcpy - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wmemcpy ↩

61. "memmove - cppreference.com". En.cppreference.com. 25 January 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/memmove ↩

62. "wmemmove - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wmemmove ↩

63. "memcmp - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/memcmp ↩

64. "wmemcmp - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wmemcmp ↩

65. "memchr - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/memchr ↩

66. "wmemchr - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wmemchr ↩

67. "mblen - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/mblen ↩

68. "mbtowc - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/mbtowc ↩

69. "wctomb - cppreference.com". En.cppreference.com. 4 February 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/wctomb ↩

70. "mbstowcs - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/mbstowcs ↩

71. "wcstombs - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/wcstombs ↩

72. "btowc - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/btowc ↩

73. "wctob - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/wctob ↩

74. "mbsinit - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/mbsinit ↩

75. "mbrlen - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/mbrlen ↩

76. "mbrtowc - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/mbrtowc ↩

77. "wcrtomb - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/wcrtomb ↩

78. "mbsrtowcs - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/mbsrtowcs ↩

79. "wcsrtombs - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/multibyte/wcsrtombs ↩

80. "mbrtoc8 - cppreference.com". En.cppreference.com. https://en.cppreference.com/w/c/string/multibyte/mbrtoc8 ↩

81. "c8rtomb - cppreference.com". En.cppreference.com. https://en.cppreference.com/w/c/string/multibyte/c8rtomb ↩

82. "mbrtoc16 - cppreference.com". En.cppreference.com. https://en.cppreference.com/w/c/string/multibyte/mbrtoc16 ↩

83. "c16rtomb - cppreference.com". En.cppreference.com. https://en.cppreference.com/w/c/string/multibyte/c16rtomb ↩

84. "mbrtoc32 - cppreference.com". En.cppreference.com. https://en.cppreference.com/w/c/string/multibyte/mbrtoc32 ↩

85. "c23rtomb - cppreference.com". En.cppreference.com. https://en.cppreference.com/w/c/string/multibyte/c32rtomb ↩

86. "6.3.2 Representing the state of the conversion". The GNU C Library. Retrieved 31 January 2017. https://www.gnu.org/software/libc/manual/html_node/Keeping-the-state.html ↩

87. "root/src/multibyte/c16rtomb.c". Retrieved 31 January 2017. https://git.musl-libc.org/cgit/musl/tree/src/multibyte/c16rtomb.c ↩

88. "Contents of /stable/11/lib/libc/locale/c16rtomb.c". Retrieved 31 January 2017. https://svnweb.freebsd.org/base/stable/11/lib/libc/locale/c16rtomb.c?view=markup ↩

89. Here string refers either to byte string or wide string ↩

90. "atof - cppreference.com". En.cppreference.com. 31 May 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/atof ↩

91. "atoi, atol, atoll - cppreference.com". En.cppreference.com. 18 January 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/atoi ↩

92. "strtof, strtod, strtold - cppreference.com". En.cppreference.com. 4 February 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strtof ↩

93. "strtof, strtod, strtold - cppreference.com". En.cppreference.com. 4 February 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strtod ↩

94. "strtof, strtod, strtold - cppreference.com". En.cppreference.com. 4 February 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strtold ↩

95. "wcstof, wcstod, wcstold - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcstof ↩

96. "wcstof, wcstod, wcstold - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcstod ↩

97. "wcstof, wcstod, wcstold - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. http://en.cppreference.com/w/c/string/wide/wcstold ↩

98. "strtol, strtoll - cppreference.com". En.cppreference.com. 4 February 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strtol ↩

99. "wcstol, wcstoll - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcstol ↩

100. "strtoul, strtoull - cppreference.com". En.cppreference.com. 4 February 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strtoul ↩

101. "wcstoul, wcstoull - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/wide/wcstoul ↩

102. "WG14-N3020 : Qualifier-preserving standard library functions, v4" (PDF). open-std.org. 13 June 2022. https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3020.pdf ↩

103. C99 Rationale, 7.20.1.1 http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf ↩

104. "bzero". The Open Group. Retrieved 27 November 2017. http://pubs.opengroup.org/onlinepubs/009695399/functions/bzero.html ↩

105. "bzero(3)". OpenBSD. Retrieved 27 November 2017. https://man.openbsd.org/explicit_bzero.3 ↩

106. "memccpy". Pubs.opengroup.org. Retrieved 6 March 2014. http://pubs.opengroup.org/onlinepubs/009695399/functions/memccpy.html ↩

107. "mempcpy(3) - Linux manual page". Kernel.org. Retrieved 6 March 2014. https://www.kernel.org/doc/man-pages/online/pages/man3/mempcpy.3.html ↩

108. "strcasecmp(3) - Linux manual page". Kernel.org. Retrieved 6 March 2014. https://www.kernel.org/doc/man-pages/online/pages/man3/strcasecmp.3.html ↩

109. "strcat_s, wcscat_s, _mbscat_s". docs.microsoft.com. Retrieved 22 April 2022. https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/strcat-s-wcscat-s-mbscat-s?view=msvc-170 ↩

110. "strcpy_s, wcscpy_s, _mbscpy_s, _mbscpy_s_l". docs.microsoft.com. Retrieved 22 April 2022. https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/strcpy-s-wcscpy-s-mbscpy-s?view=msvc-170 ↩

111. "strdup". Pubs.opengroup.org. Retrieved 6 March 2014. http://pubs.opengroup.org/onlinepubs/009695399/functions/strdup.html ↩

112. "strerror(3) - Linux manual page". man7.org. Retrieved 3 November 2019. http://man7.org/linux/man-pages/man3/strerror.3.html ↩

113. "String | stricmp()". C Programming Expert.com. Retrieved 6 March 2014. http://www.cprogrammingexpert.com/C/Tutorial/strings/stricmp.aspx ↩

114. "strlcpy, strlcat — size-bounded string copying and concatenation". OpenBSD. Retrieved 26 May 2016. https://man.openbsd.org/OpenBSD-5.9/man3/strlcat.3 ↩

115. Todd C. Miller; Theo de Raadt (1999). "strlcpy and strlcat – consistent, safe, string copy and concatenation". USENIX '99. https://www.millert.dev/papers/strlcpy ↩

116. "strlcpy, strlcat — size-bounded string copying and concatenation". OpenBSD. Retrieved 26 May 2016. https://man.openbsd.org/OpenBSD-5.9/man3/strlcat.3 ↩

117. Todd C. Miller; Theo de Raadt (1999). "strlcpy and strlcat – consistent, safe, string copy and concatenation". USENIX '99. https://www.millert.dev/papers/strlcpy ↩

118. "strsignal". Pubs.opengroup.org. Retrieved 6 March 2014. https://pubs.opengroup.org/onlinepubs/9699919799/functions/strsignal.html ↩

119. "strtok". Pubs.opengroup.org. Retrieved 6 March 2014. https://pubs.opengroup.org/onlinepubs/009695399/functions/strtok.html ↩

120. "strcat - cppreference.com". En.cppreference.com. 8 October 2013. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strcat ↩

121. "strcpy - cppreference.com". En.cppreference.com. 2 January 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/strcpy ↩

122. Todd C. Miller; Theo de Raadt (1999). "strlcpy and strlcat – consistent, safe, string copy and concatenation". USENIX '99. https://www.millert.dev/papers/strlcpy ↩

123. On GitHub, there are 7,813,206 uses of strlcpy, versus 38,644 uses of strcpy_s (and 15,286,150 uses of strcpy).[citation needed] /wiki/Wikipedia:Citation_needed ↩

124. Todd C. Miller. "strlcpy.c". BSD Cross Reference. http://bxr.su/OpenBSD/lib/libc/string/strlcpy.c ↩

125. Todd C. Miller. "strlcat.c". BSD Cross Reference. http://bxr.su/OpenBSD/lib/libc/string/strlcat.c ↩

126. Todd C. Miller; Theo de Raadt (1999). "strlcpy and strlcat – consistent, safe, string copy and concatenation". USENIX '99. https://www.millert.dev/papers/strlcpy ↩

127. Miller, Damien (October 2005). "Secure Portability" (PDF). Retrieved 26 June 2016. This [strlcpy and strlcat] API has been adopted by most modern operating systems and many standalone software packages [...]. The notable exception is the GNU standard C library, glibc, whose maintainer steadfastly refuses to include these improved APIs, labelling them "horribly inefficient BSD crap", despite prior evidence that they are faster is most cases than the APIs they replace. https://www.openbsd.org/papers/portability.pdf ↩

128. libc-alpha mailing list Archived 9 June 2007 at the Wayback Machine, selected messages from 8 August 2000 thread: 53, 60, 61 http://sources.redhat.com/ml/libc-alpha/ ↩

129. The ups and downs of strlcpy(); LWN.net https://lwn.net/Articles/507319/ ↩

130. "Adding strlcpy() to glibc". lwn.net. Correct string handling means that you always know how long your strings are and therefore you can you memcpy (instead of strcpy). https://lwn.net/Articles/612244/ ↩

131. strlcpy(3) – Linux Library Functions Manual "However, one may question the validity of such optimizations, as they defeat the whole purpose of strlcpy() and strlcat(). As a matter of fact, the first version of this manual page got it wrong." https://www.mankier.com/3/strlcpy ↩

132. "libbsd". Retrieved 21 November 2022. https://libbsd.freedesktop.org/ ↩

133. "root/src/string/strlcpy.c". Retrieved 28 January 2017. https://git.musl-libc.org/cgit/musl/tree/src/string/strlcpy.c ↩

134. "root/src/string/strlcat.c". Retrieved 28 January 2017. https://git.musl-libc.org/cgit/musl/tree/src/string/strlcat.c ↩

135. strlc{py|at} commit https://sourceware.org/git/?p=glibc.git;a=commit;h=454a20c8756c9c1d55419153255fc7692b3d2199 ↩

136. Discussion of strlcpy and strlcat in glibc 2.38 on Hacker News https://news.ycombinator.com/item?id=36765747 ↩

137. "strlcat". Pubs.opengroup.org. Retrieved 5 September 2024. https://pubs.opengroup.org/onlinepubs/9799919799/functions/strlcat.html ↩

138. "memcpy - cppreference.com". En.cppreference.com. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/memcpy ↩

139. "memmove - cppreference.com". En.cppreference.com. 25 January 2014. Retrieved 6 March 2014. https://en.cppreference.com/w/c/string/byte/memmove ↩

140. Lovell, Martyn. "Repel Attacks on Your Code with the Visual Studio 2005 Safe C and C++ Libraries". Retrieved 13 February 2015. https://msdn.microsoft.com/en-us/magazine/cc163794.aspx ↩

141. Safe C Library. "The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731". Sourceforge. Retrieved 6 March 2013. http://safeclib.sourceforge.net/ ↩

142. "The C11 standard draft" (PDF). §K.3.1.4p2. Retrieved 13 February 2013.{{cite web}}: CS1 maint: location (link) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1548.pdf ↩

143. "The C11 standard draft" (PDF). §K.3.6.1.1p4. Retrieved 13 February 2013.{{cite web}}: CS1 maint: location (link) http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1548.pdf ↩

144. "Parameter Validation". 21 October 2022. https://msdn.microsoft.com/en-us/library/ksazx244.aspx ↩

145. Danny Kalev. "They're at it again". InformIT. Archived from the original on 15 January 2012. Retrieved 10 November 2011. https://web.archive.org/web/20120115011928/http://www.informit.com/blogs/blog.aspx?uk=Theyre-at-it-again ↩

146. "Field Experience With Annex K — Bounds Checking Interfaces". Retrieved 5 November 2015. http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1967.htm ↩

147. "MSC06-C. Beware of compiler optimizations". SEI CERT C Coding Standard. https://wiki.sei.cmu.edu/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations ↩

148. memset_s(3) – FreeBSD Library Functions Manual https://www.freebsd.org/cgi/man.cgi?query=memset_s&sektion=3 ↩