473,574 Members | 2,442 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Why is it dangerous?

'evening.

I'm not new to C and have been programming in it since I was 8 but
here's a strange problem I've never seen before.

When I compile a program from our C course with a windows compiler
there is no problem but when I try to compile it with a linux compiler
it complains that

a_03.c:(.text+0 x4d): warning: the `gets' function is dangerous
and should not be used.

Is linux more dangerous than windows? Where can I download a
non dangerous gets function? I have never used gets before is
there undefined behavior somewhere?
Here is a trimmed down example program from my assignment that
demonstrates the problem

#include <stdio.h>
#include <malloc.h>

void main()
{
char *string;
printf("enter string (max 2000 chars): ");
fflush(stdin);
fflush(stdout);
string = (char *)malloc(2001);
if(!string) exit(1);
gets(string);
printf("you entered: %s\n", string);
free(string);
exit(0);
}

On windows with TurboC and Lcc no error is printed. On linux with
gcc it says gets is dangerous.

Please advise my instructor says gcc is overly pedantic.
Aug 10 '08
233 8522

"Gordon Burditt" <go***********@ burditt.orgwrot e in message
There is no non-dangerous gets() function with the same interface.
The non-dangerous function is called fgets().
This is a hardy annual.
Of course fgets() can be used safely, but won't be. For instance Richard
Heathfield posted a dangerous use of fgets() in this very thread. It will
give the wrong answer if the user enters a string of over 2000 characters.
Of course it is not dangerous in a little exercise program that doesn't do
anything, but then neither is gets().

To use fgets() safely you must check for the newline. If it is not present a
buffer overflow occurred. So you must then take action against the buffer to
ensure that the next read doesn't get the remainder of the previous line.

--
Free games and programming goodies.
http://www.personal.leeds.ac.uk/~bgy1mm

Aug 10 '08 #11
Harald van Dijk wrote:
On Sun, 10 Aug 2008 13:27:34 +0530, santosh wrote:
>CBFalconer wrote:
>>Correction: That omits many useful tests. I suggest:

gcc -W -Wall -ansi -pedantic

for better error detection.
I would also recommend:
[...]
-Wwrite-strings

I would not, since it deliberately makes the compiler nonconforming. For
those that understand in what ways, it can be useful, but they can find
the option themselves. CBFalconer included that option in his
recommendations recently, and I'm glad he dropped it.
Even so, it would save a lot of noise here if it where the default in gcc!

--
Ian Collins.
Aug 10 '08 #12
"Malcolm McLean" <re*******@btin ternet.comwrite s:
"Gordon Burditt" <go***********@ burditt.orgwrot e in message
>There is no non-dangerous gets() function with the same interface.
The non-dangerous function is called fgets().
This is a hardy annual.
Of course fgets() can be used safely, but won't be. For instance
Richard Heathfield posted a dangerous use of fgets() in this very
thread. It will give the wrong answer if the user enters a string of
over 2000 characters.
You have allowed yourself to slip into polemic. It is not clear, at
least to me, what the right answer is so you are stretching the point
-- be careful with fgets and long lines -- by saying that the answer
is "wrong" and the use "dangerous" .

--
Ben.
Aug 10 '08 #13
On 10 Aug 2008 at 0:59, Richard Heathfield wrote:
Julian said:
>a_03.c:(.text+ 0x4d): warning: the `gets' function is dangerous
and should not be used.

The functionality of gets() is defined by ISO; it takes a pointer to
the first character in a buffer, and stores an entire line from stdin
into that buffer, *regardless of the buffer's size*!! There is no safe
way to use such a function.
Of course, this is nonsense. There is a perfectly safe way to use
gets(), namely by being in control of what appears on stdin. Here in the
real world, people write all sorts of scraps of in-house code to run
once and forget about. They use fscanf() without elaborate error
checking, because they are 100% sure of the format of the input files.
gets() is no different.

Of course, in any production code, or any code at all where someone
other than the programmers will be able to decide what appears on stdin,
then gets() should not be used, the return value of p=malloc(10) should
be checked, etc. etc.

Instead of gets(), use whatever safe function is available on your
platform. For example, on GNU systems there is a getline() function
provided by stdio.h, which will dynamically allocated a big enough
buffer using malloc(). Or, roll your own getline function if portability
is a big issue for you.

Aug 10 '08 #14
Richard Heathfield <rj*@see.sig.in validwrites:
Julian said:
>'evening.

I'm not new to C and have been programming in it since I was 8 but
here's a strange problem I've never seen before.

When I compile a program from our C course with a windows compiler
there is no problem but when I try to compile it with a linux compiler
it complains that

a_03.c:(.text+ 0x4d): warning: the `gets' function is dangerous
and should not be used.

Is linux more dangerous than windows?

No. Your Linux compiler warned you about a dangerous function that should
never be used.
Total and utter nonsense. C is used all over the place for creating
elements which are under strict control and the program/process/function
has a totally controlled and defined input stream. In those scenarios
gets is used flawlessly in millions of programs around the world.

if you can NOT define the input then I would agree. But in the real
world the input is indeed guarenteed in a properly functioning
system. if the system isn't well defined then all "bets are off" since
you can pretty much be sure that undefined behaviour/input has already
compromised the process pipeline.
Aug 10 '08 #15
santosh wrote:
CBFalconer wrote:
>Ian Collins wrote:
>>Julian wrote:

Please advise my instructor says gcc is overly pedantic.

As Richard said, the opposite is true unless you invoke gcc with
the correct options. That's why it has a -pedantic option!

As a learner using gcc, you should use

gcc -ansi -Wall -pedantic

as a minimum set of options. Substitute '-std=c99' for '-ansi'
if you are learning C99.

Correction: That omits many useful tests. I suggest:

gcc -W -Wall -ansi -pedantic

for better error detection.

I would also recommend:

-Wfloat-equal
-Wshadow
-Wpointer-arith
-Wbad-function-cast
-Wcast-qual
-Wcast-align
-Wwrite-strings
-Wstrict-prototypes
-Wold-style-definition
-Wmissing-prototypes
-Wredundant-decls
-Wunreachable-code
I wouldn't, although those may be useful. The OP is obviously a
newbie, and is not going to remember all that. It is only useful
when implemented via an alias, a script, or a makefile, etc. What
I recommended is a minimum to ensure reasonably correct standard C
code.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.
Aug 10 '08 #16
Malcolm McLean wrote:
"Gordon Burditt" <go***********@ burditt.orgwrot e:
>There is no non-dangerous gets() function with the same interface.
The non-dangerous function is called fgets().

This is a hardy annual. Of course fgets() can be used safely, but
won't be. For instance Richard Heathfield posted a dangerous use of
fgets() in this very thread. It will give the wrong answer if the
user enters a string of over 2000 characters. Of course it is not
dangerous in a little exercise program that doesn't do anything,
but then neither is gets().

To use fgets() safely you must check for the newline. If it is not
present a buffer overflow occurred. So you must then take action
against the buffer to ensure that the next read doesn't get the
remainder of the previous line.
Or just get the remainder of the line. No overflow has occurred.

And you can avoid all those problems by using the (released to
public domain) ggets() function, available in standard C source
form at:

<http://cbfalconer.home .att.net/downlod/ggets.zip>

ggets gets complete lines, is safe, and has the simplicity of
gets. Malicious users can run the system out of assignable heap
memory, but will normally have to work hard to do so.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.
Aug 10 '08 #17
santosh wrote:
Harald van D?k wrote:
>santosh wrote:
>>CBFalconer wrote:

Correction : That omits many useful tests. I suggest:

gcc -W -Wall -ansi -pedantic

for better error detection.

I would also recommend:
[...]
-Wwrite-strings

I would not, since it deliberately makes the compiler nonconforming.
For those that understand in what ways, it can be useful, but they
can find the option themselves. CBFalconer included that option in
his recommendations recently, and I'm glad he dropped it.

Thanks for that. I do remember that subthread now, but I passed over
it, being pressed for time. Now, to the Google Groups archive...
I didn't drop it. I conceded your 'non-standard' point. I
maintain that, for new code, including it will result in better
code, and maintain conformity. It may object to some actually
conforming code.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.
Aug 10 '08 #18
Richard wrote:
Richard Heathfield <rj*@see.sig.in validwrites:
>Julian said:
>>'evening.

I'm not new to C and have been programming in it since I was 8 but
here's a strange problem I've never seen before.

When I compile a program from our C course with a windows compiler
there is no problem but when I try to compile it with a linux
compiler it complains that

a_03.c:(.text +0x4d): warning: the `gets' function is dangerous
and should not be used.

Is linux more dangerous than windows?

No. Your Linux compiler warned you about a dangerous function that
should never be used.

Total and utter nonsense. C is used all over the place for creating
elements which are under strict control and the
program/process/function has a totally controlled and defined input
stream. In those scenarios gets is used flawlessly in millions of
programs around the world.

if you can NOT define the input then I would agree. But in the real
world the input is indeed guarenteed in a properly functioning
system. if the system isn't well defined then all "bets are off" since
you can pretty much be sure that undefined behaviour/input has already
compromised the process pipeline.
I wonder, can you give examples of sources of perfectly controlled and
defined input? Certainly disk files can be tampered, as can pipes,
sockets and almost every other device. Why risk it with gets when fgets
is just as easy and safer?

Aug 10 '08 #19
On Sun, 10 Aug 2008 13:27:34 +0530, santosh wrote:
CBFalconer wrote:
>Correction: That omits many useful tests. I suggest:
gcc -W -Wall -ansi -pedantic
for better error detection.

I would also recommend:
[...]
-Wpointer-arith
This is redundant, since it's already enabled by -pedantic.

Aug 10 '08 #20

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

101
3298
by: Bill Cunningham | last post by:
I read an article in a book about Perl and Common Gateway Interface and it mentioned C. It said that C could damage your computer. I don't know wether it meant the standard or compiler issuses. I was a little upset. Well more upset. I sent Dennis Ritchie and email. I don't know if he'll respond if he gets it. Sometimes he does sometimes not....
1
2820
by: b83503104 | last post by:
When are they not consistent?
4
1295
by: cesark | last post by:
Hi ! I have important doubts about how to handle the security in asp.net vb.net web forms. Somebody can help me? 1. If you have setting ‘validateRequest=true’ in .net framework1.1, What can do you do to improve the security? Because although you have validations on server side you can enter dangerous characters in a text field, with the...
302
18356
by: Lee | last post by:
Hi Whenever I use the gets() function, the gnu c compiler gives a warning that it is dangerous to use gets(). Is this due to the possibility of array overflow? Is it correct that the program flow can be altered by giving some specific calculated inputs to gets()? How could anyone do so once the executable binary have been generated? I...
6
7441
by: Brendan | last post by:
Hi, I'm trying to mimic the IPC/messaging system of an specific OS in a portable way by using GCC's library. The IPC system uses buffered asynchronous messages, where any thread can send a message to any other thread (i.e. to the "threadID") without blocking, and the receiver does any security checks necessary. I'm trying to implement...
10
9309
by: lovecreatesbea... | last post by:
C stops the conversion from (char **) to (const char **). c-faq.com sec 11.10 has explanation on this point. But, for example, even the conversion from (char *) to (const char *) brings the same dangerous as in the previous conversion. Why the latter simple but dangerous one is allowed in C? $ cat f1.c int main(void) { const char c...
6
3568
by: Thomas.li | last post by:
Hi, I want to convert CString to LPBYTE like LPBYTE lpByte = (BYTE*)(LPCTSTR)cstring; is it very dangerous to do that?
0
7747
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
8262
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7843
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8129
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6498
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5643
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
3768
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
1
2262
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1364
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.