C string handling

The C programming language has a set of functions implementing operations on strings (character strings and byte strings) in its standard library. Various operations, such as copying, concatenation, tokenization and searching are supported. For character strings, the standard library uses the convention that strings are null-terminated: a string of $n$ characters is represented as an array of $n + 1$ elements, the last of which is a " character" with numeric value 0.

The only support for strings in the programming language proper is that the compiler translates quoted string constants into null-terminated strings.

Definitions
A string is defined as a contiguous sequence of code units terminated by the first zero code unit (often called the NUL code unit). This means a string cannot contain the zero code unit, as the first one seen marks the end of the string. The length of a string is the number of code units before the zero code unit. The memory occupied by a string is always one more code unit than the length, as space is needed to store the zero terminator.

Generally, the term string means a string where the code unit is of type, which is exactly 8 bits on all modern machines. C90 defines wide strings which use a code unit of type, which is 16 or 32 bits on modern machines. This was intended for Unicode but it is increasingly common to use UTF-8 in normal strings for Unicode instead.

Strings are passed to functions by passing a pointer to the first code unit. Since  and   are different types, the functions that process wide strings are different than the ones processing normal strings and have different names.

String literals ( in the C source code) are converted to arrays during compilation. The result is an array of code units containing all the characters plus a trailing zero code unit. In C90  produces a wide string. A string literal can contain the zero code unit (one way is to put  into the source), but this will cause the string to end at that point. The rest of the literal will be placed in memory (with another zero code unit added to the end) but it is impossible to know those code units were translated from the string literal, therefore such source code is not a string literal.

Character encodings
Each string ends at the first occurrence of the zero code unit of the appropriate kind ( or  ). Consequently, a byte string (char*) can contain non-NUL characters in ASCII or any ASCII extension, but not characters in encodings such as UTF-16 (even though a 16-bit code unit might be nonzero, its high or low byte might be zero). The encodings that can be stored in wide strings are defined by the width of. In most implementations,  is at least 16 bits, and so all 16-bit encodings, such as UCS-2, can be stored. If  is 32-bits, then 32-bit encodings, such as UTF-32, can be stored. (The standard requires a "type that holds any wide character", which on Windows no longer holds true since the UCS-2 to UTF-16 shift. This was recognized as a defect in the standard and fixed in C++.) C++11 and C11 add two types with explicit widths char16_t and char32_t.

Variable-width encodings can be used in both byte strings and wide strings. String length and offsets are measured in bytes or, not in "characters", which can be confusing to beginning programmers. UTF-8 and Shift JIS are often used in C byte strings, while UTF-16 is often used in C wide strings when  is 16 bits. Truncating strings with variable-width characters using functions like  can produce invalid sequences at the end of the string. This can be unsafe if the truncated parts are interpreted by code that assumes the input is valid.

Support for Unicode literals such as char foo[512] = "φωωβαρ"; (UTF-8) or wchar_t foo[512] = L"φωωβαρ"; (UTF-16 or UTF-32, depends on wchar_t) is implementation defined, and may require that the source code be in the same encoding, especially for char where compilers might just copy whatever is between the quotes. Some compilers or editors will require entering all non-ASCII characters as  sequences for each byte of UTF-8, and/or   for each word of UTF-16. Since C11 (and C++11), a new literal prefix u8 is available that guarantees UTF-8 for a bytestring literal, as in char foo[512] = u8"φωωβαρ";. Since C++20 and C23, a  type was added that is meant to store UTF-8 characters and the types of u8 prefixed character and string literals were changed to   and   respectively.

Terminology
In historical documentation the term "character" was often used instead of "byte" for C strings, which leads many to believe that these functions somehow do not work for UTF-8. In fact all lengths are defined as being in bytes and this is true in all implementations, and these functions work as well with UTF-8 as with single-byte encodings. The BSD documentation has been fixed to make this clear, but POSIX, Linux, and Windows documentation still uses "character" in many places where "byte" or "wchar_t" is the correct term.

Functions for handling memory buffers can process sequences of bytes that include null-byte as part of the data. Names of these functions typically start with, as opposite to the   prefix.

Headers
Most of the functions that operate on C strings are declared in the  header (  in C++), while functions that operate on C wide strings are declared in the   header (  in C++). These headers also contain declarations of functions used for handling memory buffers; the name is thus something of a misnomer.

Functions declared in  are extremely popular since, as a part of the C standard library, they are guaranteed to work on any platform which supports C. However, some security issues exist with these functions, such as potential buffer overflows when not used carefully and properly, causing the programmers to prefer safer and possibly less portable variants, out of which some popular ones are listed below. Some of these functions also violate const-correctness by accepting a  string pointer and returning a non-  pointer within the string. To correct this, some have been separated into two overloaded functions in the C++ version of the standard library.

Functions
{| class="wikitable" ! ! Byte string ! Wide string ! Description ! rowspan=5 | String manipulation ! rowspan=11 | String examination ! Miscellaneous ! rowspan=5 | Memory manipulation
 * strcpy
 * wcscpy
 * Copies one string to another
 * strncpy
 * wcsncpy
 * Writes exactly $n$ bytes, copying from source or adding nulls
 * strcat
 * wcscat
 * Appends one string to another
 * strncat
 * wcsncat
 * Appends no more than $n$ bytes from one string to another
 * strxfrm
 * wcsxfrm
 * Transforms a string according to the current locale
 * strxfrm
 * wcsxfrm
 * Transforms a string according to the current locale
 * Transforms a string according to the current locale
 * strlen
 * wcslen
 * Returns the length of the string
 * strcmp
 * wcscmp
 * Compares two strings (three-way comparison)
 * strncmp
 * wcsncmp
 * Compares a specific number of bytes in two strings
 * strcoll
 * wcscoll
 * Compares two strings according to the current locale
 * strchr
 * wcschr
 * Finds the first occurrence of a byte in a string
 * strrchr
 * wcsrchr
 * Finds the last occurrence of a byte in a string
 * strspn
 * wcsspn
 * Returns the number of initial bytes in a string that are in a second string
 * strcspn
 * wcscspn
 * Returns the number of initial bytes in a string that are not in a second string
 * strpbrk
 * wcspbrk
 * Finds in a string the first occurrence of a byte in a set
 * strstr
 * wcsstr
 * Finds the first occurrence of a substring in a string
 * strtok
 * wcstok
 * Splits a string into tokens
 * wcspbrk
 * Finds in a string the first occurrence of a byte in a set
 * strstr
 * wcsstr
 * Finds the first occurrence of a substring in a string
 * strtok
 * wcstok
 * Splits a string into tokens
 * wcstok
 * Splits a string into tokens
 * strerror
 * N/A
 * Returns a string containing a message derived from an error code
 * memset
 * wmemset
 * Fills a buffer with a repeated byte. Since C23, memset_explicit was added to erase sensitive data.
 * memcpy
 * wmemcpy
 * Copies one buffer to another. Since C23, memccpy was added to efficiently concatenate strings.
 * memmove
 * wmemmove
 * Copies one buffer to another, possibly overlapping, buffer
 * memcmp
 * wmemcmp
 * Compares two buffers (three-way comparison)
 * memchr
 * wmemchr
 * Finds the first occurrence of a byte in a buffer
 * colspan=4 | and with functions that do not allow buffer overflows, no accepted standard has arisen. This is partly due to the mistaken belief by many C programmers that   and   have the desired behavior; however, neither function was designed for this (they were intended to manipulate null-padded fixed-size string buffers, a data format less commonly used in modern software), and the behavior and arguments are non-intuitive and often written incorrectly even by expert programmers.
 * memchr
 * wmemchr
 * Finds the first occurrence of a byte in a buffer
 * colspan=4 | and with functions that do not allow buffer overflows, no accepted standard has arisen. This is partly due to the mistaken belief by many C programmers that   and   have the desired behavior; however, neither function was designed for this (they were intended to manipulate null-padded fixed-size string buffers, a data format less commonly used in modern software), and the behavior and arguments are non-intuitive and often written incorrectly even by expert programmers.
 * colspan=4 | and with functions that do not allow buffer overflows, no accepted standard has arisen. This is partly due to the mistaken belief by many C programmers that   and   have the desired behavior; however, neither function was designed for this (they were intended to manipulate null-padded fixed-size string buffers, a data format less commonly used in modern software), and the behavior and arguments are non-intuitive and often written incorrectly even by expert programmers.

The most popular replacement are the  and   functions, which appeared in OpenBSD 2.4 in December, 1998. These functions always write one NUL to the destination buffer, truncating the result if necessary, and return the size of buffer that would be needed, which allows detection of the truncation and provides a size for creating a new buffer that will not truncate. They have been criticized on the basis of allegedly being inefficient, encouraging the use of C strings (instead of some superior alternative form of string), and hiding other potential errors. Consequently, for years, they have not been included in the GNU C library (used by software on Linux), although that did get changed. The glibc Wiki FAQ about strlc{py|at} inclusion notes that as of glibc 2.38, the code has been committed and thereby added. The glibc 2.38 availability announcement cited the functions "are expected to be added to a future POSIX version." (The Austin Group Defect Tracker, ID 986 tracked some discussion about such plans for POSIX.) Even while glibc hadn't added support, strlcat and strlcpy have been implemented in a number of other C libraries including ones for OpenBSD, FreeBSD, NetBSD, Solaris, OS X, and QNX, as well as in alternative C libraries for Linux, such as libbsd, introduced in 2008, and musl, introduced in 2011. The lack of GNU C library support had not stopped various software authors from using it and bundling a replacement, among other SDL, GLib, ffmpeg, rsync, and even internally in the Linux kernel. Open source implementations for these functions are available.

Sometimes or  are used, as they may be more efficient than   as they do not repeatedly check for NUL (this is less true on modern processors). Since they need a buffer length as a parameter, correct setting of this parameter can avoid buffer overflows.

As part of its 2004 Security Development Lifecycle, Microsoft introduced a family of "secure" functions including  and   (along with many others). These functions were standardized with some minor changes as part of the optional C11 (Annex K) proposed by ISO/IEC WDTR 24731. These functions perform various checks including whether the string is too long to fit in the buffer. If the checks fail, a user-specified "runtime-constraint handler" function is called, which usually aborts the program. Some functions perform destructive operations before calling the runtime-constraint handler; for example,  sets the destination to the empty string, which can make it difficult to recover from error conditions or debug them. These functions attracted considerable criticism because initially they were implemented only on Windows and at the same time warning messages started to be produced by Microsoft Visual C++ suggesting use of these functions instead of standard ones. This has been speculated by some to be an attempt by Microsoft to lock developers into its platform. Although open-source implementations of these functions are available, these functions are not present in common Unix C libraries. Experience with these functions has shown significant problems with their adoption and errors in usage, so the removal of Annex K is proposed for the next revision of the C standard. Usage of memset_s has also been suggested as a way to avoid unwanted compiler optimizations.