1 .\" Copyright 1993 David Metcalfe (david@prism.demon.co.uk)
3 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
5 .\" References consulted:
6 .\" Linux libc source code
7 .\" Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
9 .\" Modified Sat Jul 24 18:11:47 1993 by Rik Faith (faith@cs.unc.edu)
10 .\" 2007-06-15, Marc Boyer <marc.boyer@enseeiht.fr> + mtk
11 .\" Improve discussion of strncat().
12 .TH STRCAT 3 2021-03-22 "GNU" "Linux Programmer's Manual"
14 strcat, strncat \- concatenate two strings
17 .RI ( libc ", " \-lc )
20 .B #include <string.h>
22 .BI "char *strcat(char *restrict " dest ", const char *restrict " src );
23 .BI "char *strncat(char *restrict " dest ", const char *restrict " src \
34 overwriting the terminating null byte (\(aq\e0\(aq) at the end of
36 and then adds a terminating null byte.
37 The strings may not overlap, and the
40 enough space for the result.
43 is not large enough, program behavior is unpredictable;
44 .IR "buffer overruns are a favorite avenue for attacking secure programs" .
48 function is similar, except that
57 does not need to be null-terminated if it contains
63 the resulting string in
65 is always null-terminated.
80 plus the terminating null byte).
81 Therefore, the size of
84 .IR "strlen(dest)+n+1" .
86 A simple implementation of
93 strncat(char *dest, const char *src, size_t n)
95 size_t dest_len = strlen(dest);
98 for (i = 0 ; i < n && src[i] != \(aq\e0\(aq ; i++)
99 dest[dest_len + i] = src[i];
100 dest[dest_len + i] = \(aq\e0\(aq;
111 functions return a pointer to the resulting string
114 For an explanation of the terms used in this section, see
122 Interface Attribute Value
126 T} Thread safety MT-Safe
132 POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.
134 Some systems (the BSDs, Solaris, and others) provide the following function:
136 size_t strlcat(char *dest, const char *src, size_t size);
138 This function appends the null-terminated string
143 .IR "size\-strlen(dest)\-1"
146 and adds a terminating null byte to the result,
151 This function fixes the buffer overrun problem of
153 but the caller must still handle the possibility of data loss if
156 The function returns the length of the string
158 tried to create; if the return value is greater than or equal to
161 If data loss matters, the caller
163 either check the arguments before the call, or test the function return value.
165 is not present in glibc and is not standardized by POSIX,
166 .\" https://lwn.net/Articles/506530/
167 but is available on Linux via the
176 must find the null byte that terminates the string
178 using a search that starts at the beginning of the string,
179 the execution time of these functions
180 scales according to the length of the string
182 This can be demonstrated by running the program below.
183 (If the goal is to concatenate many strings to one target,
184 then manually copying the bytes from each source string
185 while maintaining a pointer to the end of the target string
186 will provide better performance.)
197 main(int argc, char *argv[])
200 char p[LIM + 1]; /* +1 for terminating null byte */
206 for (int j = 0; j < LIM; j++) {
207 if ((j % 10000) == 0)
208 printf("%d %jd\en", j, (intmax_t) (time(NULL) \- base));