*BSD News Article 90613



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!goanna.cs.rmit.edu.au!news.apana.org.au!cantor.edge.net.au!news.teragen.com.au!news.access.net.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!news.nacamar.de!Frankfurt.Germany.EU.net!Stuttgart.Germany.EU.net!main.Germany.EU.net!Dortmund.Germany.EU.net!Saruman.CWA.de!news
From: Stephan Wilms <Stephan.Wilms@CWA.de>
Newsgroups: comp.lang.c,comp.unix.bsd.freebsd.misc
Subject: Re: What does gets() unsafe question mean?
Date: Fri, 07 Mar 1997 15:04:21 +0100
Organization: CWA GmbH
Lines: 26
Message-ID: <33202065.384E@CWA.de>
References: <01bc2a8f$67037120$db083ccc@default>
NNTP-Posting-Host: morgoth.cwa.de
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.01 (Win95; I)
CC: stephan.wilms@cwa.de
Xref: euryale.cc.adfa.oz.au comp.lang.c:195765 comp.unix.bsd.freebsd.misc:36757

Jeffrey M. Metcalf wrote:
> 
> Hello,
> 
> I recently wrote a little C program which uses the stdio.h function gets(). I
> compiled and ran it under FreeBSD and I get..
> 
> warning: this program uses gets(), which is unsafe.
> 
> What exactly does this mean?  Why is it unsafe?

Wow, that's one helpful compiler. The answer is that 'gets()' will happily
write over the end of your string into unknown territory (memory) if the
user enters more characters than expected.

You should use 'fgets()' instead to read from 'stdin'.

The c.l.c FAQ contains lots of helpful advice on 'gets()' and 'fgets()'. Among
others, it answers the question:
   12.23:  Why does everyone say not to use gets()?

You can get the FAQ at http://www.eskimo.com/~scs/C-faq/top.htm or at
rtfm.mit.edu, and it gets posted to this newsgroup regularly.

Stephan
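
The fgets() replacement recommended in the reply above, as an added example that is not part of the original post: a bounded line reader that never writes past the buffer and reports when input was too long. The helper name read_line, its return codes, and the sample input are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes for read_line() (not from the post). */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line from fp into buf, which holds `size` bytes.
 * Unlike gets(), fgets() is told the buffer size and stores at most
 * size-1 characters plus the terminating '\0'.
 * The trailing newline is stripped. If the line did not fit, the
 * rest of it is discarded so the next call starts on a fresh line. */
int read_line(char *buf, size_t size, FILE *fp)
{
    if (buf == NULL || size < 2 || size > INT_MAX)
        return LINE_EOF;                 /* unusable buffer */
    if (fgets(buf, (int)size, fp) == NULL)
        return LINE_EOF;                 /* end of input or read error */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* complete line, drop newline */
        return LINE_OK;
    }

    /* No newline stored: the line was longer than the buffer,
     * or the input ended without a final newline. */
    int c, extra = 0;
    while ((c = getc(fp)) != EOF && c != '\n')
        extra = 1;                       /* characters that did not fit */
    return extra ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    /* Constructed sample input: one short line, one overlong line. */
    FILE *fp = tmpfile();
    if (fp == NULL)
        return 1;
    fputs("short\nAAAAAAAAAAAAAAAAAAAAAAAA\n", fp);
    rewind(fp);

    char buf[8];
    int rc;
    while ((rc = read_line(buf, sizeof buf, fp)) != LINE_EOF)
        printf("%-9s \"%s\"\n", rc == LINE_OK ? "ok" : "truncated", buf);
    fclose(fp);
    return 0;
}
```

With gets(buf) the 24-character line would have been copied in full into the 8-byte buffer; here it is cut to 7 characters and flagged.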