Home/ Questions/Q 7704723
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T23:44:41+00:00

Possible Duplicate: Why does this intentionally incorrect use of strcpy not fail horribly? Below

  • 0

Possible Duplicate:
Why does this intentionally incorrect use of strcpy not fail horribly?

Below see below code:

char* stuff = (char*)malloc(2);
 strcpy(stuff,"abc");
 cout<<"The size of stuff is : "<<strlen(stuff);

Even though I assigned 2 bytes to stuff, why does strcpy still work and the output of strlen is 3. Shouldn’t this throw something like index out of bounds?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    C and C++ don’t do automatic bounds checking like Java and C# do. This code will overwrite stuff in memory past the end of the string, corrupting whatever was there. That can lead to strange behavior or crashes later, so it’s good to be cautious about such things.

    Accessing past the end of an array is deemed “undefined behavior” by the C and C++ standards. That means the standard doesn’t specify what must happen when a program does that, so a program that triggers UB is in never-never-land where anything might happen. It might continue to work with no apparent problems. It might crash immediately. It might crash later when doing something else that shouldn’t have been a problem. It might misbehave but not crash. Or velociraptors might come and eat you. Anything can happen.

    Writing past the end of an array is called a buffer overflow, by the way, and it’s a common cause of security flaws. If that “abc” string were actually user input, a skilled attacker could put bytes into it that end up overwriting something like the function’s return pointer, which can be used to make the program run different code than it should, and do different things than it should.

    • 0