why the usage of gets() is dangerous.

Hi all,

Whenever I use the gets() function, the gnu c compiler gives a
warning that it is dangerous to use gets(). why...?

regards,
jayapal.
Nov 16 '07 #1
In <2f**********************************@n20g2000hsh.googlegroups.com> jayapal <ja********@gmail.com> writes:
> Whenever I use the gets() function, the gnu c compiler gives a
> warning that it is dangerous to use gets(). why...?

gets() does not allow you to limit the amount of input, which means it
can potentially overflow the buffer into which the input is placed.

--
John Gordon A is for Amy, who fell down the stairs
go****@panix.com B is for Basil, assaulted by bears
-- Edward Gorey, "The Gashlycrumb Tinies"

Nov 16 '07 #2
On Nov 16, 10:10 pm, John Gordon <gor...@panix.com> wrote:
> gets() does not allow you to limit the amount of input, which means it
> can potentially overflow the buffer into which the input is placed.

Can u explain the differences b/w the scanf() and gets() ..?

Thanks,
Jayapal
Nov 16 '07 #3
jayapal <ja********@gmail.com> writes:
> On Nov 16, 10:10 pm, John Gordon <gor...@panix.com> wrote:
>> gets() does not allow you to limit the amount of input, which means it
>> can potentially overflow the buffer into which the input is placed.
>
> Can u explain the differences b/w the scanf() and gets() ..?

Presumably you mean for string input? Using 'scanf("%[^\n]", buf)'
has the same problem as 'gets'. But scanf can be saved (just about)
since it permits a bounded input operation:

    char buf[100];
    ...
    if (scanf("%99[^\n]", buf) == 1) ...

--
Ben.
Nov 16 '07 #4
jayapal wrote:
> Hi all,
>
> Whenever I use the gets() function, the gnu c compiler gives a
> warning that it is dangerous to use gets(). why...?
>
> regards,
> jayapal.

That function is deprecated and will disappear shortly.
Its usage is not recommended because there is no way to
limit the input that it will receive, and it can overflow
the input buffer.

--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique
http://www.cs.virginia.edu/~lcc-win32
Nov 16 '07 #5
CJ
On 16 Nov 2007 at 18:41, jacob navia wrote:
> jayapal wrote:
>> Hi all,
>>
>> Whenever I use the gets() function, the gnu c compiler gives a
>> warning that it is dangerous to use gets(). why...?
>>
>> regards,
>> jayapal.
>
> That function is deprecated and will disappear shortly.
> Its usage is not recommended because there is no way to
> limit the input that it will receive, and it can overflow
> the input buffer.

This sort of absolute prohibition on gets() is completely wrong-headed.
It's completely fine to use gets(), as long as you use it properly. To
use it properly, *you* need to be in control of the data that gets()
reads. For throwaway utility routines this will often be the case, and
there's no problem using gets() in this case.

Nov 16 '07 #6
In article <sl*******************@nospam.com>, CJ <no****@nospam.com> wrote:
> This sort of absolute prohibition on gets() is completely wrong-headed.
> It's completely fine to use gets(), as long as you use it properly. To
> use it properly, *you* need to be in control of the data that gets()
> reads. For throwaway utility routines this will often be the case, and
> there's no problem using gets() in this case.

Except that throwaway code has an annoying habit of not getting thrown
away. If you make a habit of using gets in your throwaway code, sooner
or later it WILL escape into the wild, and once that happens it's only
a matter of time before it becomes an exploitable bug.
dave

Nov 16 '07 #7
jayapal wrote, On 16/11/07 17:18:
> On Nov 16, 10:10 pm, John Gordon <gor...@panix.com> wrote:
>> gets() does not allow you to limit the amount of input, which means it
>> can potentially overflow the buffer into which the input is placed.
>
> Can u explain the differences b/w the scanf() and gets() ..?

Please don't use contractions like "u" for "you" or "b/w" for "between".
They make it far harder to read your posts. For example, a lot of people
will be more likely to read "b/w" as "black and white" than "between"
and then have to work out what you actually meant.

As to your question, it is almost easier to say what the similarities
are. The main similarity is that they both get input from stdin, after
that they are very different. gets just keeps reading input into the
memory you provide a pointer to until either a newline is encountered or
your program crashes. scanf reads input as specified by the format
specifier you provide. With work, scanf *can* be used safely (although
it is not easy for a novice) but it is virtually impossible to use gets
safely and it definitely cannot be used safely for user input.

I would recommend you learn to use fgets and getc and build your input
routines using these functions and separate parsing. You can use sscanf
for the parsing if you like, although you have to be careful, since it
is not as hard to use sscanf correctly as it is to use scanf or fscanf
correctly.
--
Flash Gordon
Nov 16 '07 #8
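The approach recommended in the post above (read a line with fgets, then parse it with sscanf), next to the bounded scanf form from post #4, as an added example that is not part of the thread. The names stream_from, read_line, parse_int and scan_bounded, the 8-byte buffer and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for stdin: a temporary stream holding `text`. */
FILE *stream_from(const char *text) {
    FILE *fp = tmpfile();
    if (fp) { fputs(text, fp); rewind(fp); }
    return fp;
}

/* fgets-based reader: 1 = whole line stored, 0 = line longer than the buffer
 * (prefix kept, rest discarded), -1 = EOF, error or unusable buffer. */
int read_line(FILE *fp, char *buf, size_t size) {
    if (size < 2 || fgets(buf, (int)size, fp) == NULL) return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') { buf[len - 1] = '\0'; return 1; }
    int c, overflowed = 0;          /* no newline stored: drain the line */
    while ((c = getc(fp)) != '\n' && c != EOF) overflowed = 1;
    return overflowed ? 0 : 1;
}

/* Parse a complete line as one decimal integer; reject trailing junk.
 * The %9d width keeps the converted value inside int range. */
int parse_int(const char *line, int *out) {
    char extra;
    return sscanf(line, "%9d %c", out, &extra) == 1;
}

/* Bounded scanf form from the thread, width matched to an 8-byte buffer;
 * whatever does not fit stays in the stream for the next read. */
int scan_bounded(FILE *fp, char buf[8]) {
    return fscanf(fp, "%7[^\n]", buf) == 1;
}

int main(void) {
    char buf[8];
    int n = 0;
    FILE *fp = stream_from("42\nAAAAAAAAAAAAAAAAAAAA\n7 x\n"); /* constructed */
    if (!fp) return 1;
    while (1) {
        int r = read_line(fp, buf, sizeof buf);
        if (r < 0) break;
        if (r == 1 && parse_int(buf, &n)) printf("value %d\n", n);
        else printf("rejected: %s\n", r ? "not an integer" : "line too long");
    }
    fclose(fp);
    return 0;
}
```

The over-long line is cut at the buffer size and reported instead of being written past the end of buf, which is the check gets() has no way to make.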
CJ said:
> On 16 Nov 2007 at 18:41, jacob navia wrote:
>> jayapal wrote:
>>> Hi all,
>>>
>>> Whenever I use the gets() function, the gnu c compiler gives a
>>> warning that it is dangerous to use gets(). why...?
>>>
>>> regards,
>>> jayapal.
>>
>> That function is deprecated and will disappear shortly.
>> Its usage is not recommended because there is no way to
>> limit the input that it will receive, and it can overflow
>> the input buffer.
>
> This sort of absolute prohibition on gets() is completely wrong-headed.

No, it isn't. (Even a stopped clock is right twice a day.) There is never a
good reason to use the gets function.

> It's completely fine to use gets(), as long as you use it properly.

To use it properly, precede it with an 'f', and modify the syntax of the
call accordingly.

> To
> use it properly, *you* need to be in control of the data that gets()
> reads. For throwaway utility routines this will often be the case, and
> there's no problem using gets() in this case.

That would be fine, if it were not for the facts that (a) you're not
necessarily as much in control of the data as you think you are, and (b)
throwaway routines have a bad habit of not being thrown away.

--
Richard Heathfield <http://www.cpax.org.uk >
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Nov 16 '07 #9
On Nov 16, 10:04 pm, jayapal <jayapal...@gmail.com> wrote:
> Hi all,
>
> Whenever I use the gets() function, the gnu c compiler gives a
> warning that it is dangerous to use gets(). why...?

gets is very very dangerous. Handle with care :):)
It has buffer related worries. (Expects newline in its pocket to
work without causing any harm !)

Karthik Balaguru
Nov 16 '07 #10
