Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.vbc.net!vbcnet-west!samba.rahul.net!rahul.net!a2i!news.pbi.net!su-news-hub1.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!howland.erols.net!newsfeed.internetmci.com!avalon.net!avalon.net!not-for-mail From: amorph@avalon.net (The Amorphous Mass) Newsgroups: comp.lang.c,comp.unix.bsd.freebsd.misc Subject: Re: What does gets() unsafe question mean? Date: 7 Mar 1997 11:59:57 -0600 Organization: When Hell freezes over Lines: 25 Message-ID: <5fpl2t$8fv@arthur.avalon.net> References: <01bc2a8f$67037120$db083ccc@default> NNTP-Posting-Host: arthur.avalon.net Xref: euryale.cc.adfa.oz.au comp.lang.c:195533 comp.unix.bsd.freebsd.misc:36702 Jeffrey M. Metcalf (metcalf@snet.net) wrote: >I recently wrote a little C program which uses the stdio.h function gets(). > I compiled and ran it under FreeBSD and I get.. > >warning: this program uses gets(), which is unsafe. Nice. Good compiler. :-) >What exactly does this mean? The FAQ for comp.lang.c answers this question (it's a nice document to have around -- http://www.eskimo.com/~scs/C-faq/top.html). The short answer: What do you think will happen with this code fragment if your user responds to the prompt with "Berkeley Software Distribution, University of California at Berkeley, Berkeley California 0U812?" char name[20]; /* enough space for "Berkeley Software D" and a null terminator */ printf("Enter your full name:"); fflush(stdout); gets(name); -- The Amorphous Mass If I knew what I was doing, amorph@avalon.net it wouldn't be research.