5 — yeh '\0' se PEHLE wale chars count karta hai, terminator nahi.
strlen O(n) kyun hai?
char* mein koi length store nahi hoti, isliye '\0' tak byte-by-byte scan karna padta hai.
strcpy kya copy karta hai jise beginners bhool jaate hain?
Yeh '\0' bhi copy karta hai, isliye dst ko len+1 bytes chahiye.
strcat ke liye dst mein strlen(dst)+strlen(src)+1 kyun hona chahiye?
Dono strings plus ek final '\0' fit karne ke liye.
strcat dst mein kaun sa ek byte overwrite karta hai?
dst ka purana '\0', taaki dono strings join ho jayein.
sprintf dangerous kyun hai?
Ise buf ki size kabhi pata nahi hoti aur agar output lamba ho toh overflow kar deta hai.
sprintf ka safe replacement kya hai?
snprintf(buf, sizeof buf, ...) — bounded hai aur hamesha terminate karta hai.
sizeof buf buffer size kyun nahi de paata?
Agar buf ek char* parameter hai, toh sizeof pointer size (8) deta hai, array nahi.
C mein agar aap array ke end ke baad likhte ho toh kya hota hai?
Undefined behaviour — koi bounds check nahi; crash ho sakta hai ya exploit ho sakta hai.
Recall Feynman: ek 12-saal ke bacche ko samjhao
Socho ek row of mailboxes hai, har ek mein ek letter hai, milke ek word banta hai. Koi sign nahi
hai ki word kitna lamba hai. Toh hum last letter ke baad ek special "STOP" mailbox (ek khali
wala) rakhte hain. Word padhne ke liye aap saamne se shuru karo aur chalte raho jab tak STOP na
mile. Kisi word ko copy karna matlab hai har letter aur STOP box ko boxes ki nayi row mein copy
karna. Khatre: agar aapki nayi row mein sirf 5 boxes hain lekin word + STOP ko 6 chahiye, toh aap
apne neighbour ke box mein likh dete ho — aur C mein koi nahi rokta. Woh neighbour ka mailbox bug
hi buffer overflow hai.