C 中清空字符串的最佳方法是什么?
您好,我有一个字符字符串
name[50] = "I loveprogramming"
发生的情况是,我想在调用另一个函数之前清空该字符串,以便我可以在同一个数组中存储一些
内容这个工作?
name[0] = '\0';
或者是否可以在不创建任何新函数或使用任何其他库的情况下清空字符串?
Hi I have a char string
name[50] = "I love programming"
what happen is that I want to empty this string before I call my another function so that I can store something in the same array
will this work?
name[0] = '\0';
or is there anyway to empty the string without creating any new function or use any other library?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
将第一个字符设置为 nul 是完全可以接受的。但如果该字符串在安全性方面很敏感,那么您应该使用 memset 将其清零。
编辑:
Matteo Italia 的回答让我对这个主题有了更深入的了解。根据 本文档 (和 Matteos 的回答)
memset可以被优化掉,因此不是从内存中删除敏感信息的最佳选择。该文档有几个选项,但没有一个是可移植和可靠的,因此它专门为此目的提出了新的函数标准memset_s。此功能尚不存在,因此我们目前陷入了不可移植(SecureZeroMemory)、不可靠(易失性技巧)或非最佳选项(<代码> secure_memset 示例)。Setting first char to nul is perfectly acceptable. But if that string was sensitive in terms of security, then you should zero it out with
memset.Edit:
Answer from Matteo Italia made me dig a bit deeper on this subject. According to this document (and Matteos answer)
memsetcould be optimized away, and so is not the best option to remove sensitive information from memory. The document has several options, but none of them is portable and reliable, so it proposes new function standardmemset_sjust for such purposes. This function does not exist yet, so we're currently stuck with non-portable (SecureZeroMemory), non-reliable (volatiletrick), or non-optimal options (secure_memsetexample).使用 memset 代替。这只会使缓冲区无效,但当变量超出范围时,分配的内存将如何从堆栈中释放。
Use memset instead. This would just nullify the buffer but the memory allocated would any how gets deallocated from stack when the variable goes out of scope.
C 中确实没有清空 char 字符串的概念。它只是一个指向某些已分配内存的指针。您可以以任何您希望的方式重用该内存,而无需先“清空”它。所以,最简单的清空方法就是“不要”。
如果您出于某种原因想显式清除字符串的所有内容,请使用其他答案中给出的 memset 方法。
如果您想“清空”它,即在打印时不会打印任何内容,那么可以,只需将第一个字符设置为“\0”即可。
总而言之,这完全取决于您真正想要做什么。 为什么你想“清空”字符串?
There's really no concept of emptying a char string in C. It's simply a pointer that points to some allocated memory. You can reuse that memory in any way you wish, without "emptying" it first. So, the easiest way to empty it is "just don't".
If you want to explicitly clear all contents of the string for some reason, use the
memsetapproach given in other answers.If you want to "empty" it in the sense that when it's printed, nothing will be printed, then yes, just set the first char to `\0'.
To conclude, it all depends on what you really want to do. Why do you want to "empty" the string?
IIRC,你可以这样使用 memset:
IIRC, you might use memset this way:
从技术上讲,这是正确的,例如:
Tehnically it is correct, for example:
或者
or
这取决于您想要获得的效果。如果您只想将其长度归零,您可以这样做,正如您所说:
如果相反,您想清除字符串中的敏感数据,则应该使用 memset 将其完全归零(某些操作系统也有一个“安全”的归零函数,应该保证不会被编译器优化掉 - 参见例如 SecureZeroMemory(Windows 上)。
另一方面,如果您调用的函数仅使用您作为输出缓冲区传递的缓冲区,而不考虑其内容,则可以将缓冲区保持原样。
It depends from the effect you want to obtain. If you just want to zero its length you can do, as you said:
If, instead, you want to clean your string from sensitive data, you should zero it completely with
memset(some operating systems also have a "secure" zeroing function that should be guaranteed not to be optimized away by the compiler - see e.g. SecureZeroMemory on Windows).On the other hand, if the function you are calling just uses the buffer you are passing as an output buffer disregarding its content, you may just leave the buffer as it is.