
why the usage of gets() is dangerous.

Hi all,

Whenever I use the gets() function, the gnu c compiler gives a
warning that it is dangerous to use gets(). why...?

regards,
jayapal.
Nov 16 '07
"Paul Hsieh" <we******@gmail.com> wrote in message
> On Nov 16, 9:04 am, jayapal <jayapal...@gmail.com> wrote:
>> Whenever I use the gets() function, the gnu c compiler gives a
>> warning that it is dangerous to use gets(). why...?
>
> No set of program control can prevent gets() from having undefined
> behavior. In fact, basically all C compilers implement gets() to have
> undefined behavior.

Undefined behaviour means "undefined by the standard". It is possible,
though rather difficult, to implement a safe gets(), that is to say one that
always terminates the program with an error message if the buffer is
exceeded.

What is not possible to implement is a safe fgets(), that is to say, one
that can be used safely given the limitations of the average human
programmer.

--
Free games and programming goodies.
http://www.personal.leeds.ac.uk/~bgy1mm

Nov 16 '07 #21
Paul Hsieh wrote On 11/16/07 16:53,:
> On Nov 16, 12:20 pm, Eric Sosman <Eric.Sos...@sun.com> wrote:
>> Paul Hsieh wrote On 11/16/07 14:43,:
>>> On Nov 16, 9:04 am, jayapal <jayapal...@gmail.com> wrote:
>>>> Whenever I use the gets() function, the gnu c compiler gives a
>>>> warning that it is dangerous to use gets(). why...?
>>>
>>> No set of program control can prevent gets() from having undefined
>>> behavior. In fact, basically all C compilers implement gets() to have
>>> undefined behavior. Because of this, the function has been slated to
>>> be deprecated in the next C standard. I have made a safe
>>> implementation of gets() that you can find as the first example here:
>>>
>>> http://www.pobox.com/~qed/userInput.html
>>>
>>> Please feel free to use it in lieu of the upcoming standard which will
>>> make its usage obsolete.
>>
>> Isn't there a buffer overrun vulnerability in the
>> fgetstralloc() function? Look carefully at the second
>> argument of the first call to getInputFrag().
>
> It's 64. getInputFrag(*, 64,*,*,*) never writes to more than 64 chars
> (the extra '\0' only comes when the input is <= 64 in length; unlike
> strncat, this is ok because the length read is always explicitly
> returned), and the buffer passed (char blk[64]) in is 64 chars in
> length. So ... what am I missing?

Nothing, I guess. I must have been confused by the
convoluted style. (Well, if it confuses me then it *must*
be convoluted, right?)

Still seems an awfully arcane way to skip and count
characters, though.

--
Er*********@sun.com
Nov 16 '07 #22
Malcolm McLean said:

<snip>
> It is possible,
> though rather difficult, to implement a safe gets(), that is to say one
> that always terminates the program with an error message if the buffer is
> exceeded.

Show me.

> What is not possible to implement is a safe fgets(), that is to say,
> one that can be used safely given the limitations of the average human
> programmer.

The fgets function is very easy to use safely.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Nov 16 '07 #23
In article <sl*******************@nospam.com>, CJ <no****@nospam.com> wrote:
> On 16 Nov 2007 at 20:47, ja*********@verizon.net wrote:
>> It's trivial to replace any call to gets() with a similar call to
>> fgets() with minor modifications to the surrounding code, and that
>> change is sufficient to completely avoid the buffer overruns. I don't
>> know of any legitimate reason for not doing so.
>
> It's much more typing!

If that's what you're worried about, why aren't you using Perl?

dave

Nov 16 '07 #24

"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>> It is possible,
>> though rather difficult, to implement a safe gets(), that is to say one
>> that always terminates the program with an error message if the buffer is
>> exceeded.
>
> Show me.

We'll declare that a pointer consists of three values - the address, the start
of the object, and the end of the object.
Now in the write to array code we specify that if the address exceeds the
end of the object, the program is to terminate with an error message.

With this device we have a perfectly safe gets() function. It cannot return
an incorrect string, or corrupt another variable, or put little elves on
screen. It can only fill the buffer correctly or report that it has been
exceeded.

>> What is not possible to implement is a safe fgets(), that is to say,
>> one that can be used safely given the limitations of the average human
>> programmer.
>
> The fgets function is very easy to use safely.

Time after time it has been shown that this is not the case. Very often
people treat incomplete reads as full lines. So if the line contains a drug
dose your fgets()-enabled machine might deliver only one tenth of the
amount needed, given an off by one line length error.
--
Free games and programming goodies.
http://www.personal.leeds.ac.uk/~bgy1mm

Nov 16 '07 #25
Malcolm McLean said:
> "Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>> It is possible,
>>> though rather difficult, to implement a safe gets(), that is to say one
>>> that always terminates the program with an error message if the buffer
>>> is exceeded.
>>
>> Show me.
>
> We'll declare that a pointer consists of three values - the address, the
> start of the object, and the end of the object.

I look forward to your reference implementation.

<snip>
>>> What is not possible to implement is a safe fgets(), that is to say,
>>> one that can be used safely given the limitations of the average human
>>> programmer.
>>
>> The fgets function is very easy to use safely.
>
> Time after time it has been shown that this is not the case.

You can misuse *anything* if you try hard enough. You have to try
reasonably hard to misuse fgets, whereas to misuse gets you only need call
it.

> Very often
> people treat incomplete reads as full lines.

Very often people drive at 40 in a 30. That does not mean it is difficult
to drive at 30.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Nov 16 '07 #26
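
Added example, not code from any poster in this thread: the incomplete-read problem debated above, handled with fgets(). The names read_line, line_status and open_sample are made up for this illustration and the sample input is constructed; a line longer than the buffer is rejected whole instead of being split into two apparent lines.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Read one line into buf[size]; the trailing '\n' is removed.  A line that
 * does not fit is rejected whole: the rest is consumed so the tail cannot be
 * mistaken for the next line, and buf is emptied. */
static enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;            /* end of input, read error, or no room */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;             /* whole line fit, newline included */
    }
    int c = getc(in);               /* no newline stored: look one ahead */
    if (c == EOF || c == '\n')
        return LINE_OK;             /* final unterminated line, or exact fit */
    while (c != EOF && c != '\n')
        c = getc(in);               /* discard the rest of the long line */
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Constructed sample input, written to a temporary file so it can be read
 * through a FILE* exactly as stdin would be. */
static FILE *open_sample(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char buf[9];                    /* deliberately too small for line 1 */
    FILE *f = open_sample("dose=1000\nok\n");
    if (f == NULL)
        return 1;
    enum line_status st;
    while ((st = read_line(f, buf, sizeof buf)) != LINE_EOF)
        printf("%s\n", st == LINE_OK ? buf : "rejected: line too long");
    fclose(f);
    return 0;
}
```

A bare fgets() loop over the same input with the same buffer would hand back "dose=100" and then "0" as two separate lines.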
On Fri, 16 Nov 2007 23:19:12 +0000, Malcolm McLean wrote:
> "Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>> It is possible,
>>> though rather difficult, to implement a safe gets(), that is to say
>>> one that always terminates the program with an error message if the
>>> buffer is exceeded.
>>
>> Show me.
>
> We'll declare that a pointer consists of three values - the address, the
> start of the object, and the end of the object.

So, in

struct S {
    char c[10];
    int i;
} s;

does a pointer to s.c store the end as &s.c[10]? Or does it store the end
as &s + 1? If the former, there are cases where it's simply not clear at
all where the buffer ends. If the latter, it doesn't prevent writing past
the end of the buffer.

I do agree that bounded pointers would be useful, but C being what it is,
I don't believe it's possible to make it completely safe.
Nov 16 '07 #27
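
Added example, not from any poster and not a compiler implementation: a library-level emulation of the three-value pointer discussed above, run with both candidate end bounds for s.c. bptr, bstore, checked_gets and try_fill are hypothetical names; an overrun is reported with -1 instead of terminating the program, and the layout assumed is the common one where i sits at offset 12 of a 16-byte struct.

```c
#include <stdio.h>

struct S { char c[10]; int i; };

/* The three values named in the thread: current address, start, end. */
struct bptr { char *addr, *start, *end; };

/* Checked store: refuses any write outside [start, end). */
static int bstore(struct bptr *p, char ch)
{
    if (p->addr < p->start || p->addr >= p->end)
        return 0;
    *p->addr++ = ch;
    return 1;
}

/* gets()-like copy of one line from `input` through a bounded pointer.
 * Returns the number of characters stored before the terminator, or -1 at
 * the first out-of-bounds write (where the thread's version would
 * terminate the program with an error message). */
static long checked_gets(struct bptr p, const char *input)
{
    long n = 0;
    for (; *input != '\0' && *input != '\n'; input++, n++)
        if (!bstore(&p, *input))
            return -1;
    return bstore(&p, '\0') ? n : -1;
}

/* Fill s.c from a constructed 14-character line under either choice of end
 * bound and report what happened to the neighbouring member s.i. */
static long try_fill(int wide, int *i_after)
{
    struct S s = { "", 42 };
    char *base = (char *)&s;    /* same address as s.c, valid for all of s */
    struct bptr p = { base, base,
                      wide ? (char *)(&s + 1) : base + sizeof s.c };
    long r = checked_gets(p, "AAAAAAAAAAAAAA\n");
    *i_after = s.i;
    return r;
}

int main(void)
{
    int i;
    long r = try_fill(0, &i);
    printf("end = &s.c[10]: result %ld, s.i = %d\n", r, i);
    r = try_fill(1, &i);
    printf("end = &s + 1:   result %ld, s.i = %d\n", r, i);
    return 0;
}
```

With the end at &s.c[10] the overrun is caught and s.i keeps its value; with the end at &s + 1 every write is "in bounds" and s.i is overwritten.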
"Harald van Dijk" <tr*****@gmail.com> wrote in message
> On Fri, 16 Nov 2007 23:19:12 +0000, Malcolm McLean wrote:
>> "Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>>> It is possible,
>>>> though rather difficult, to implement a safe gets(), that is to say
>>>> one that always terminates the program with an error message if the
>>>> buffer is exceeded.
>>>
>>> Show me.
>>
>> We'll declare that a pointer consists of three values - the address, the
>> start of the object, and the end of the object.
>
> So, in
>
> struct S {
>     char c[10];
>     int i;
> } s;
>
> does a pointer to s.c store the end as &s.c[10]? Or does it store the end
> as &s + 1? If the former, there are cases where it's simply not clear at
> all where the buffer ends. If the latter, it doesn't prevent writing past
> the end of the buffer.

A pointer to s.c would have to store the end as &s.c[10].
It is illegal to convert from a struct S * to a char *, except in the niggly
case of a char or char array being the first member, in which case it must
have the same address as the whole struct. So the compiler does in fact have
to be very clever.

however char *ptr = (char *) (void *) &s;

is I think still illegal. So you cannot defeat the system with an intricate
list of void * intermediates.
--
Free games and programming goodies.
http://www.personal.leeds.ac.uk/~bgy1mm

Nov 17 '07 #28
On Sat, 17 Nov 2007 00:28:43 +0000, Malcolm McLean wrote:
> "Harald van Dijk" <tr*****@gmail.com> wrote in message
>> On Fri, 16 Nov 2007 23:19:12 +0000, Malcolm McLean wrote:
>>> "Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>>>> It is possible,
>>>>> though rather difficult, to implement a safe gets(), that is to say
>>>>> one that always terminates the program with an error message if the
>>>>> buffer is exceeded.
>>>>
>>>> Show me.
>>>
>>> We'll declare that a pointer consists of three values - the address, the
>>> start of the object, and the end of the object.
>>
>> So, in
>>
>> struct S {
>>     char c[10];
>>     int i;
>> } s;
>>
>> does a pointer to s.c store the end as &s.c[10]? Or does it store the
>> end as &s + 1? If the former, there are cases where it's simply not
>> clear at all where the buffer ends. If the latter, it doesn't prevent
>> writing past the end of the buffer.
>
> A pointer to s.c would have to store the end as &s.c[10].

Okay, so then you can't get back the original &s?

struct S {
    char c[10];
    int i;
} s[2];

char *p = &s[1].c[0];

The range for p would be &s[1].c[0] through &s[1].c[10], but I don't
believe there's anything non-standard about casting p to struct S *, and
subtracting 1. (With a stricter reading of the standard, you might need
to cast p to char(*)[10], and only then to struct S, but this doesn't
change anything important.)

> It is illegal
> to convert from a struct S * to a char *,

It's allowed for two reasons here. Firstly, *any* object can be addressed
as an array of char. Given int i, ((char *) &i) through (char *) &i +
sizeof i are all valid pointers. Given struct S s, (char *) &s + sizeof s
are all valid pointers. The second reason you mention below.

> except in the niggly case of a
> char or char array being the first member, in which case it must have
> the same address as the whole struct. So the compiler does in fact have
> to be very clever.

It has to be able to construct data that is no longer available.

> however char *ptr = (char *) (void *) &s;
>
> is I think still illegal. So you cannot defeat the system with an
> intricate list of void * intermediates.

Well, this specific example is legal, but I think I get the point you're
making here, and I agreed already that bounded pointers, even while not
perfect, are useful.
Nov 17 '07 #29
jacob navia wrote:
> Keith Thompson wrote:
> [...]
>> I'm afraid that gets() is going to be around for a very long time.
>> It's still up to each of us, as programmers, to avoid using it.
>>
>> jacob, if you really think gets() will "disappear shortly", I'd be
>> interested in your reasoning.
>
> Nothing, just hopes that now that it is deprecated, people will
> stop using it, and it will disappear in a few years.

Alas, hoping won't make it happen. As I said, any implementation that
claims to conform to any C standard, up to and including C99, *must*
provide gets().

--
Keith Thompson (The_Other_Keith) <ks***@mib.org>
Looking for software development work in the San Diego area.
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
Nov 17 '07 #30
