memset, memset_explicit, memset_s - cppreference.com (original) (raw)
| Defined in header <string.h> | ||
|---|---|---|
| void *memset( void *dest, int ch, size_t count ); | (1) | |
| void *memset_explicit( void *dest, int ch, size_t count ); | (2) | (since C23) |
| errno_t memset_s( void *dest, rsize_t destsz, int ch, rsize_t count ); | (3) | (since C11) |
- Copies the value (unsigned char)ch into each of the first
countcharacters of the object pointed to bydest.
The behavior is undefined if access occurs beyond the end of the dest array. The behavior is undefined if dest is a null pointer.
Same as (1), except that is safe for sensitive information.
Same as (1), except that the following errors are detected at runtime and call the currently installed constraint handler function after storing
chin every location of the destination range [dest, dest+destsz) ifdestanddestszare themselves valid:
destis a null pointerdestszorcountis greater than RSIZE_MAXcountis greater thandestsz(buffer overflow would occur)
The behavior is undefined if the size of the character array pointed to by dest < count <= destsz; in other words, an erroneous value of destsz does not expose the impending buffer overflow.
As with all bounds-checked functions, memset_s is only guaranteed to be available if __STDC_LIB_EXT1__ is defined by the implementation and if the user defines __STDC_WANT_LIB_EXT1__ to the integer constant 1 before including <string.h>.
[edit] Parameters
| dest | - | pointer to the object to fill |
|---|---|---|
| ch | - | fill byte |
| count | - | number of bytes to fill |
| destsz | - | size of the destination array |
[edit] Return value
1,2) A copy of dest
- zero on success, non-zero on error. Also on error, if
destis not a null pointer anddestszis valid, writesdestszfill byteschto the destination array.
[edit] Notes
memset may be optimized away (under the as-if rules) if the object modified by this function is not accessed again for the rest of its lifetime (e.g., gcc bug 8537). For that reason, this function cannot be used to scrub memory (e.g., to fill an array that stored a password with zeroes).
This optimization is prohibited for memset_explicit and memset_s: they are guaranteed to perform the memory write.
Third-party solutions for that include FreeBSD explicit_bzero or Microsoft SecureZeroMemory.
[edit] Example
#define STDC_WANT_LIB_EXT1 1
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(void)
{
char str[] = "ghghghghghghghghghghgh";
puts(str);
memset(str,'a',5);
puts(str);
#ifdef STDC_LIB_EXT1
set_constraint_handler_s(ignore_handler_s);
int r = memset_s(str, sizeof str, 'b', 5);
printf("str = "%s", r = %d\n", str, r);
r = memset_s(str, 5, 'c', 10); // count is greater than destsz
printf("str = "%s", r = %d\n", str, r);
#endif
}
Possible output:
ghghghghghghghghghghgh aaaaahghghghghghghghgh str = "bbbbbhghghghghghghghgh", r = 0 str = "ccccchghghghghghghghgh", r = 22
[edit] References
C17 standard (ISO/IEC 9899:2018):
7.24.6.1 The memset function (p: 270)
K.3.7.4.1 The memset_s function (p: 451)
C11 standard (ISO/IEC 9899:2011):
7.24.6.1 The memset function (p: 371)
K.3.7.4.1 The memset_s function (p: 621-622)
C99 standard (ISO/IEC 9899:1999):
7.21.6.1 The memset function (p: 333)
C89/C90 standard (ISO/IEC 9899:1990):
4.11.6.1 The memset function