Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!rill.news.pipex.net!pipex!netcom.net.uk!ix.netcom.com!news From: Richard Scranton <scrantr@ix.netcom.com> Newsgroups: comp.lang.c,comp.unix.bsd.freebsd.misc Subject: Re: What does gets() unsafe question mean? Date: Fri, 07 Mar 1997 14:35:05 -0500 Organization: LDA Systems, Columbus Lines: 56 Message-ID: <33206DE9.14B5@ix.netcom.com> References: <01bc2a8f$67037120$db083ccc@default> <331F980F.7767@ici.net> Reply-To: scrantr@ix.netcom.com NNTP-Posting-Host: col-oh29-55.ix.netcom.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-NETCOM-Date: Fri Mar 07 11:25:55 AM PST 1997 X-Mailer: Mozilla 3.01 (Win95; I) Xref: euryale.cc.adfa.oz.au comp.lang.c:195534 comp.unix.bsd.freebsd.misc:36703 Recent versions of gcc have included this "feature" in an attempt to educate the unwashed masses (us) that not considering the effects of a possible buffer overrun is a bad thing. Back around v1.3mumble, the gcc guys thought that #pragma was a bad thing, and therefore supported in the their own "implementation defined" manner. Upon encountering a #pragma anything it would immediately halt the compilation and try to run Hack or Rogue, and if those failed, start emacs with the Tower of Hanoi lisp macro running. I suppose strong opinions are better than no opinions... Alicia Carla Longstreet wrote: > > Jeffrey M. Metcalf wrote: > > > > Hello, > > > I recently wrote a little C program which uses the stdio.h function gets(). > > I compiled and ran it under FreeBSD and I get.. > > > warning: this program uses gets(), which is unsafe. > > > What exactly does this mean? Why is it unsafe? If possible, can any > > replies be sent as an e-mail to the above address? > > I can't be sure why your compiler is issueing a warning, it might be due > to an implementation specific requirement. Or it might be a very nice > compiler. > > My reference on Standard C says: > > The number of characters that gets() reads and stores cannot be > limited. > > This would be a very good reason not to use gets(). I would reccomend > using fgets() with stdin for the stream. > > char *fgets( char *s, int n, FILE *stream ) > > This will limit input to n-1 characters. > > -- > ******************************************** > * Alicia Carla Longstreet carla@ici.net > ******************************************** > > Knowledge is free..., > but you do have to pay me for my time and effort > in presenting the knowledge in a manner that > makes it easier for you to aquire. > You are free to reinvent the wheel anytime you please. -- ======================================================================== Richard Scranton - LDA Systems, Columbus scrantr@ix.netcom.com