*BSD News Article 90552



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!rill.news.pipex.net!pipex!netcom.net.uk!ix.netcom.com!news
From: Richard Scranton <scrantr@ix.netcom.com>
Newsgroups: comp.lang.c,comp.unix.bsd.freebsd.misc
Subject: Re: What does gets() unsafe question mean?
Date: Fri, 07 Mar 1997 14:35:05 -0500
Organization: LDA Systems, Columbus
Lines: 56
Message-ID: <33206DE9.14B5@ix.netcom.com>
References: <01bc2a8f$67037120$db083ccc@default> <331F980F.7767@ici.net>
Reply-To: scrantr@ix.netcom.com
NNTP-Posting-Host: col-oh29-55.ix.netcom.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NETCOM-Date: Fri Mar 07 11:25:55 AM PST 1997
X-Mailer: Mozilla 3.01 (Win95; I)
Xref: euryale.cc.adfa.oz.au comp.lang.c:195534 comp.unix.bsd.freebsd.misc:36703

Recent versions of gcc have included this "feature" in an attempt to
educate the unwashed masses (us) that not considering the effects of
a possible buffer overrun is a bad thing.  Back around v1.3mumble, the
gcc guys thought that #pragma was a bad thing, and therefore supported
in their own "implementation defined" manner.  Upon encountering
a #pragma anything it would immediately halt the compilation and try
to run Hack or Rogue, and if those failed, start emacs with the Tower
of Hanoi lisp macro running.  I suppose strong opinions are better
than no opinions...

Alicia Carla Longstreet wrote:
> 
> Jeffrey M. Metcalf wrote:
> >
> > Hello,
> 
> > I recently wrote a little C program which uses the stdio.h function gets().
> > I compiled and ran it under FreeBSD and I get..
> 
> > warning: this program uses gets(), which is unsafe.
> 
> > What exactly does this mean?  Why is it unsafe?  If possible, can any
> > replies be sent as an e-mail to the above address?
> 
> I can't be sure why your compiler is issuing a warning, it might be due
> to an implementation specific requirement. Or it might be a very nice
> compiler.
> 
> My reference on Standard C says:
> 
>         The number of characters that gets() reads and stores cannot be
> limited.
> 
> This would be a very good reason not to use gets().  I would recommend
> using fgets() with stdin for the stream.
> 
> char *fgets( char *s, int n, FILE *stream )
> 
> This will limit input to n-1 characters.
> 
> --
> ********************************************
> * Alicia Carla Longstreet     carla@ici.net
> ********************************************
> 
> Knowledge is free...,
> but you do have to pay me for my time and effort
> in presenting the knowledge in a manner that
> makes it easier for you to acquire.
> You are free to reinvent the wheel anytime you please.

-- 
========================================================================
Richard Scranton - LDA Systems, Columbus
scrantr@ix.netcom.com
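
An added example, not part of either post: a bounded line reader built on the fgets() call recommended above. It also handles the case the n-1 limit leaves open, where the unread tail of an over-long line would otherwise be returned by the next read. The names read_line and sample_stream, the 8-byte buffer and the sample input are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the thread: read one line into buf[size].
 * Returns 1 if the whole line fit, 0 if it was cut at size-1 characters
 * (the rest is discarded), -1 on end of file, error or unusable size. */
int read_line(char *buf, size_t size, FILE *in)
{
    size_t len;
    int c, truncated = 0;

    if (size < 2 || size > INT_MAX) return -1;
    if (fgets(buf, (int)size, in) == NULL) return -1; /* stores at most size-1 chars */
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {  /* newline stored: line complete */
        buf[len - 1] = '\0';
        return 1;
    }
    /* No newline stored: discard the unread tail so the next call starts
     * on a fresh line instead of in the middle of this one. */
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? 0 : 1;
}

/* Constructed sample input, written to a temporary file to stand in for stdin. */
FILE *sample_stream(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    char buf[8];
    int rc;
    FILE *in = sample_stream("short\nthis line is too long\n1234567\n");

    if (in == NULL) return 1;
    while ((rc = read_line(buf, sizeof buf, in)) != -1)
        printf("%-9s \"%s\"\n", rc ? "complete" : "truncated", buf);
    fclose(in);
    return 0;
}
```

With gets() in place of fgets() the second sample line would be written past the end of the 8-byte buffer, which is the condition the FreeBSD warning is about.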