Null termination of char array

If you type more than four characters then the extra characters and the null terminator will be written outside the end of the array, overwriting memory not belonging to the array. This is a buffer overflow.

C does not prevent you from clobbering memory you don’t own. This results in undefined behavior. Your program could do anything—it could crash, it could silently trash other variables and cause confusing behavior, it could be harmless, or anything else. Notice that there’s no guarantee that your program will either work reliably or crash reliably. You can’t even depend on it crashing immediately.

This is a great example of why scanf("%s") is dangerous and should never be used. It doesn’t know about the size of your array which means there is no way to use it safely. Instead, avoid scanf and use something safer, like fgets():

fgets() reads in at most one less than size characters from stream and stores them into the buffer pointed to by s. Reading stops after an EOF or a newline. If a newline is read, it is stored into the buffer. A terminating null byte (‘\0’) is stored after the last character in the buffer.


if (fgets(A, sizeof A, stdin) == NULL) {
    /* error reading input */

Annoyingly, fgets() will leave a trailing newline character (‘\n’) at the end of the array. So you may also want code to remove it.

size_t length = strlen(A);
if (A[length - 1] == '\n') {
    A[length - 1] = '\0';

Ugh. A simple (but broken) scanf("%s") has turned into a 7 line monstrosity. And that’s the second lesson of the day: C is not good at I/O and string handling. It can be done, and it can be done safely, but C will kick and scream the whole time.

Leave a Comment