Strings: Just Character Arrays

In C, there is no built-in string type. A string is simply an array of characters (char) where the end of the string is marked by a special character called the Null Terminator ('\0', which has an ASCII value of 0).

Because of this design, a string of length $N$ always requires $N+1$ bytes of storage.

String Literals and Memory

When you write "Hello", you are creating a String Literal.

• Literals are typically stored in the Text Segment (read-only memory) of the executable.
• Trying to modify a string literal (e.g., char *p = "Hello"; p[0] = 'h';) results in Undefined Behavior, often a segmentation fault.

To have a modifiable string, you must copy it into an array:

char modifiable[] = "Hello"; // Copies "Hello" into stack memory
modifiable[0] = 'h';         // Perfectly valid

Common <string.h> Functions

C provides a standard library for string manipulation. However, these functions are notorious for being unsafe if not used with extreme care.

The Buffer Overflow Vulnerability

If you try to store 10 characters in an array of size 5, C will happily write the extra 5 characters into whatever follows the array in memory. This can overwrite return addresses or other variables, allowing attackers to hijack program execution.

char buffer[6];
// How many 'actual' characters can this buffer safely hold?
// Answer: 

Pointer Arithmetic with Strings

Because strings are arrays, we can iterate through them using pointer arithmetic. This is often faster than indexing and is the idiomatic way to write string functions in C.

Modern Safety: snprintf

In modern C development, functions like strcpy are often banned in favor of snprintf or strncpy, which allow you to specify the maximum number of bytes to write.

char dest[10];
snprintf(dest, sizeof(dest), "%s", "This is a very long string");
// 'dest' will contain "This is a\0" (safe truncation)