tags:

views:

757

answers:

9
+1  Q: 

Am I correct that strcmp is equivalent (and safe) for literals?

We all know the trouble overflows can cause, and this is why strn* exist - and most of the time they make sense. However, I have seen code which uses strncmp to compare commandline parameters like so:

if(... strncmp(argv[i], "--help", 6) == 0

Now, I would have thought that this is unnecessary and perhaps even dangerous (for longer parameters it would be easy to miscount the characters in the literal).

strncmp stops on nulls, and the code already assumes argv[i] is null-terminated. Any string literal is guaranteed to be null-terminated, so why not use strcmp?

Perhaps I'm missing something, but I've seen this a few times and this time it intrigued me enough to ask.

+4  A: 

yes it is perfectly safe and considered standard practice. String literals are guaranteed to be properly null terminated.

Evan Teran  2009-01-15 21:43:01
+1  A: 

As far as I know, you're absolutely right--there's no reason to use strncmp instead of strcmp. Perhaps people are just being overcautious (not necessarily a bad thing).

MattK  2009-01-15 21:44:13
A: 

Yes, the presence of literal limits the size of compared data to the size of the literal. stncmp is redundant here.

Some may say that strncmp is a good habit to get into, but this is outweighted by the trouble of counting chars.

Arkadiy  2009-01-15 21:44:17
+1  A: 

I would probably write something like this in C(if I was using strncmp a lot & didn't want to do character counting):

if(... strncmp(argv[i], "--help", sizeof("--help") - 1) == 0
Paul Nathan  2009-01-15 21:45:26
but that iterates the string twice unnecessarily. At least use (sizeof("--help") - 1). And yes, sizeof works correctly on string literals since their size is known at compile time.
Evan Teran  2009-01-15 21:47:10
Also, no, strlen does not count the null.
Evan Teran  2009-01-15 21:48:13
I wasn't sure about sizeof against string literals. In general, I'd suggest C++ and std::string. :-)
Paul Nathan  2009-01-15 21:57:24
A: 

It's probably not done for safety. It could have been done to check only the start of command line parameter. Many programs just check the beginning of the command line switches and ignore the rest.

Mehrdad Afshari  2009-01-15 21:46:50
+3  A: 

You're right.

Moreover, the example you provided would match "--help" but also everything that begins with "--help" (like "--help-me").

A rare case in which overzealous == wrong.

rjack  2009-01-15 21:47:19
+5  A: 

Are you sure that the code is not intended to match on "--helpmedosoemthingwithareallylongoptionname"?

MSN

MSN  2009-01-15 21:48:20
This seems like a distinct possibility.
Andrew Medico  2009-01-15 22:04:08
that's a very good point. I don't *think* so in this case since all commandline args are done this way
Draemon  2009-01-15 23:33:05
+1  A: 

As others have said, strcmp() is perfectly safe to use with literals. If you want to use strncmp(), try this:

strncmp(argv[i], "--help", sizeof("--help"))

Let the compiler do the counting for you!

This will only match the exact string "--help". If you want to match all strings which begin with "--help" (as your code does), use sizeof() - 1 to not include the last '\0'.

Christoph  2009-01-15 21:49:33
you mean sizeof("--help") - 1, since sizeof will include the null terminator.
Evan Teran  2009-01-15 21:52:01
@Evan: depends on what you want to do - already edited my answer ;)
Christoph  2009-01-15 21:52:38
A: 

er... technically couldn't something like this happen?

char *cp1 = "help";
cp1[4] = '!'; // BAD PRACTICE! don't try to mutate a string constant!
// Especially if you remove the terminating null!
  ...
strcmp(some_variable, "help"); 
// if compiler is "smart" enough to use the same memory to implement
// both instances of "help", you are screwed...

I guess this is a pathological case and/or garbage-in, garbage out ("Doc, it hurts when I whack my head against the wall!" "Then don't do it!")...

(p.s. I'm just raising the issue -- if you feel this post muddies the waters, comment appropriately & I'll delete it)

Jason S  2009-01-15 23:11:10
Since the string modification is forbidden, I don't think you can say that other code is wrong because it is affected by it. It's like saying there's an error in one program because it can be executed by exploiting a buffer overflow in another.
Draemon  2009-01-15 23:22:56
If the two strings were stored in the same place, then the modification affects both strings, and the comparison will still be equal - or you get a core dump. Of course, the behaviour is undefined; anything is possible - Google for 'nasal demons' if you like.
Jonathan Leffler  2009-01-16 03:05:11

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS