Xref: sserve comp.os.386bsd.questions:11906 comp.os.386bsd.development:2352 comp.os.386bsd.misc:2914
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!agate!howland.reston.ans.net!gatech!swrinde!news.uh.edu!uuneo.neosoft.com!Starbase.NeoSoft.COM!nobody
From: peter@Starbase.NeoSoft.COM (Peter da Silva)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 29 Jul 1994 21:51:12 -0500
Organization: NeoSoft Internet Services +1 713 684 5969
Lines: 22
Message-ID: <31cf70$3c@Starbase.NeoSoft.COM>
References: <30lrf3$2ii@acmez.gatech.edu> <311m2e$o33@agate.berkeley.edu> <jmonroyCtMGq2.IC6@netcom.com> <Ctn5yy.3I0@cs.vu.nl>
NNTP-Posting-Host: starbase.neosoft.com

In article <Ctn5yy.3I0@cs.vu.nl>, Kees J. Bot <kjb@cs.vu.nl> wrote:
>I don't have gets() in the C library on my system (Minix-386vm) at all.
>Any gets(buf) call that I may find is immediately replaced by:

>	result = fgets(buf, sizeof(buf), stdin);
>	*strchr(buf, '\n') = 0;

This can result in writing through the null pointer if reading from a zero
length file and the buffer is uninitialized, or on any eof if the buffer is
reinitialized, which will core dump on OSF/1 and generate enforcer hits on
the Amiga.

	if(result = fgets(buf, sizeof(buf), stdin))
		*strchr(buf, '\n') = 0;

>This makes options 3) and 4) impossible, because a NULL-dereference will
>occur if 'buf' is overrun causing a core dump.

Um, could you explain this statement? I honestly don't understand whether you
were intentionally creating that null dereference or not. fgets will not
overrun the buffer, and gets overrunning the buffer has unpredictable results,
not simply a null dereference.
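
Added example, not part of the original post or of either poster's code: a gets() replacement built on fgets() that checks for end of file, as the reply does, and goes one step further by also handling a line too long for the buffer, the other case in which strchr(buf, '\n') returns NULL. The names read_line, read_first_line and enum line_status are assumptions of this example, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Status names are this example's own, not from the post. */
enum line_status { LINE_OK, LINE_EOF, LINE_TRUNCATED };

/* Read one line into buf and strip its newline, covering both cases in which
 * strchr(buf, '\n') returns NULL: fgets() failing at EOF, and an overlong line. */
static enum line_status read_line(char *buf, size_t size, FILE *fp)
{
    char *nl;
    int c, dropped = 0;
    if (size == 0 || fgets(buf, (int)size, fp) == NULL) {
        if (size != 0)
            buf[0] = '\0';      /* do not trust buf contents after a failed read */
        return LINE_EOF;
    }
    if ((nl = strchr(buf, '\n')) != NULL) {
        *nl = '\0';
        return LINE_OK;
    }
    /* No newline stored: skip to the next line boundary, noting any lost data. */
    while ((c = getc(fp)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Run read_line() once over constructed input held in a temporary file. */
static enum line_status read_first_line(const char *text, char *buf, size_t size)
{
    FILE *fp = tmpfile();
    enum line_status st = LINE_EOF;
    if (fp != NULL) {
        fputs(text, fp);
        rewind(fp);
        st = read_line(buf, size, fp);
        fclose(fp);
    }
    return st;
}

int main(void)
{
    char buf[8] = "";
    const char *in[] = { "", "hello\n", "this line is too long\n", "abc" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%d \"%s\"\n", (int)read_first_line(in[i], buf, sizeof buf), buf);
    return 0;
}
```

A line that exactly fills the buffer and a final line with no trailing newline both come back as LINE_OK, since no data was dropped in either case.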