Using strncpy requires that you know the length of the destination buffer, and if you know that, then you could be using memcpy instead

The length of the destination buffer is the maximum number of characters you can copy. The length of the source string is the maximum number that you want to copy. In any cases where the former is smaller than the latter, you want to detect an error.

The strlcpy function is good for this case. It doesn’t require you to scan the source string twice (once to find the null terminator, once to do the copy) and it lets you specify the maximum size. It always returns a null-terminated buffer (unlike strncpy, which should never be used because if the destination is not long enough then it doesn’t null terminate and so is spectacularly dangerous).

There are three cases:

• You know the length of the source and the size of the destination. Use memcpy.
• You know the size of the destination. Use strlcpy, check for error (or don’t if you don’t care about truncation - the result is deterministic and if you’ve asked for a string up to a certain size then strlcpy may enforce this for you).
• You don’t want to think about the size of the destination. Use strdup and let it allocate a buffer that’s big enough for your string.

99% of cases I’ve used, strdup is the right thing to do. Don’t worry about the string length, just let libc handle allocating a buffer for it. For most of the rest, strlcpy is the right solution. If memcpy looks like the right thing, you’re probably dealing with some abstraction over C strings, rather than raw C strings. If you’re willing to do that, use C++’s std::string, let it worry about all of this for you, and spend your time on your application logic and not on tedious bits of C memory management.

I honestly don’t know what the point of strncpy is. I understand the urge to strcpy to copy a short string into a large buffer; it only copies as many bytes as necessary. But strncpy does not do this – it copies the string into the buffer, and then it fills the buffer with null bytes until it has written as many bytes as you told it to. Basically, it’s worse than memcpy in every way unless this particular weird behaviour is what you really want. To call it “niche” is not only fair, it’s kind.

strncpy was intended for fixed-length character fields such as utmp; it wasn’t designed for null-terminated strings. It’s error prone so I replace strnc(at|py) with strlc(at|py) or memmove.

strcpy, like gets, is fundamentally unsafe and there’s no way to use it safely unless the source buffer is known at compile-time.

Huh? The danger of gets is completely different from that of strcpy (and the former is certainly worse) – gets does I/O, taking in arbitrary, almost-certainly unknown input data; strcpy operates entirely on data already within your program’s address space and (hopefully) already known to be a valid, NUL-terminated string of a known length. Yes, it is very possible (easy, even) to screw that up and end up with arbitrary badness, but it’s a lot easier to get right than ensuring that whatever bytes gets pulls in are going to contain a linefeed within the expected number of bytes (the only way I can think of offhand for using gets safely would involve a dup-ing a pipe or socketpair or something you created yourself to your own stdin and writing known data into it).

(This is not to say that strcpy is great, nor to negate the point of the article that it can and quite arguably should be replaced by memcpy in most cases. But it’s not as grossly broken as gets.)