Why does this intentionally incorrect use of strcpy not fail horribly?

by

First, copying into an array that is too small:

C has no protection for going past array bounds, so if there is nothing sensitive at dst1[5..9], then you get lucky, and the copy goes into memory that you don’t rightfully own, but it doesn’t crash either. However, that memory is not safe, because it has not been allocated to your variable. Another variable may well have that memory allocated to it, and later overwrite the data you put in there, corrupting your string later on.

Secondly, copying from an array that is not null-terminated:

Even though we’re usually taught that memory is full of arbitrary data, huge chunks of it are zero’d out. Even though you didn’t put a null-terminator in src2, chances are good that src[5] happens to be \0 anyway. This makes the copy succeed. Note that this is NOT guaranteed, and could fail on any run, on any platform, at anytime. But you got lucky this time (and probably most of the time), and it worked.

More Related Contents:

  1. Why this program is crashing?
  2. How can I get the size of an array from a pointer in C?
  3. Why is it safer to use sizeof(*pointer) in malloc
  4. What’s the point of malloc(0)?
  5. error: function returns address of local variable
  6. Overriding ‘malloc’ using the LD_PRELOAD mechanism
  7. Using malloc for allocation of multi-dimensional arrays with different row lengths
  8. Why is malloc not “using up” the memory on my computer?
  9. newbie questions about malloc and sizeof
  10. Writing to pointer out of bounds after malloc() not causing error
  11. Maximum memory which malloc can allocate
  12. free char*: invalid next size (fast) [duplicate]
  13. Incompatible implicit declaration of built-in function ‘malloc’
  14. How to use realloc in a function in C
  15. Dynamically create an array of strings with malloc
  16. C Warning: Function returns address of local variable
  17. Use of cudamalloc(). Why the double pointer?
  18. malloc(sizeof(int)) vs malloc(sizeof(int *)) vs (int *)malloc(sizeof(int))
  19. malloc implementation?
  20. Why do I get different results when I dereference a pointer after freeing it?
  21. Malloc vs custom allocator: Malloc has a lot of overhead. Why?
  22. Using sizeof() on malloc’d memory [duplicate]
  23. Why do I get a warning every time I use malloc?
  24. How to get memory block length after malloc?
  25. Does C have a string type? [closed]
  26. An alternative for the deprecated __malloc_hook functionality of glibc
  27. Heap allocate a 2D array (not array of pointers)
  28. realloc(): invalid next size when reallocating to make space for strcat on char * [duplicate]
  29. Is null character included while allocating using malloc
  30. What exactly is -fno-builtin doing here?

Leave a Comment