James Dow Allen wrote, On 11/08/08 09:38:
> On Aug 10, 6:25 pm, Antoninus Twink <nos...@nospam.invalid> wrote:
>>> a_03.c:(.text+0x4d): warning: the `gets' function is dangerous
>>> and should [never] be used.
>> ...
>> Of course, this is nonsense. There is a perfectly safe way to use
>> gets(), namely by being in control of what appears on stdin.
> Heresy! I'm surprised no one launched a diatribe here
> against Mr. Twink, so let me offer a diatribe in support!
> Six comments on gets().
> First, some history. (Some c.l.c'ers weren't
> even alive at the time of the infamous Internet
> Worm.)
Others were.
<snip>
> Perhaps there's a way to disable gcc's "dangerous"
> message but, in keeping with the FSF philosophy, I'm
> sure the cure is worse than the disease, something like
> setenv IM_AN_UNREPENTANT_MORONIC_ASSHOLE
I suspect the only way to disable it is to do a custom build of gcc.
<snip>
> The gets() deprecators aren't wrong; indeed I'll cheerfully
> concede that their position is more defensible than mine!
> But I'm happy to take a Devil's Advocate position to
> encourage critical thinking when I see the preposterous and
> dogmatic over-generalizations which become so routine in
> this ng. Is gets() a *potential* source of bugs? Obviously.
> But I'd love to organize a wager, between me and one of
> the pedants, on whose code contains more *actual* bugs.
I'll wager that the number of usages of gets posted to this group where
the input is not under complete control of the poster (a student is not
in control of what his/her instructor types in) is over a hundred times
more than the number of usages where it is under the poster's control.
Actually, I suspect the only safe gets usages posted to this group are
posted specifically to point out that with guarantees beyond the scope
of C you can use it safely. Even on the occasions where input is under
my complete control I would use something else.
> * - Detractors will argue that what I *should* want to
> do is spend hours writing a diagnostic for such malloc()
> failures! In fact I don't want to do anything about them
> since the smallish malloc()'s I use to build the website
> Aren't Going To Fail(tm). (The pedants will respond to
Actually I would not suggest spending hours on it. As it is for personal
use and you are confident it won't fail and would probably just want the
program to abort if it did you could spend a small amount of time
writing a small wrapper that checks the return value and aborts the
program with a failure message if the allocation fails. Not something I
would recommend for general programming, but better than not checking
the value and, if done at the start, will not even cost you 5 minutes.
<snip>
> I *might* have changed from gets() to fgets() on some
> of my private code if it weren't for the above nit.
> (And yes, I *do* know how to do
>     if (*s == '\n') *s = 0;
> in C.)
So write a wrapper function (or macro) that does this. Or (if
appropriate) you could get it to emit a diagnostic if an overlong line
is encountered.
<snip>
> Finally, let's note that programming and lawyerism
> are different crafts.
Reviewing code is another craft different from both of those.
> The Authorities(tm) who post so pedantically in this
> ng are often not completely wrong, but their pretentious
> comments about gets() show confused thinking.
I disagree. I've seen more bugs, more crashes of SW due to doing things
similar to calling gets (writing and using a function which takes user
input with no protection against over-long input) than I've seen safe
uses of gets. Generally when someone posts code here using gets it shows
that they have not even considered the possibility of buffer overflows,
and in such situations surely pointing out the possibility of a buffer
overflow is appropriate?
> In
> particular, I wonder if some of them are law school
> dropouts.
I suspect none of them are.
> When I mention the gets()'s that I use, in private,
> behind my Impenetrable Firewall(tm), on strings generated
> by my own Bugfree Software(tm), they never acknowledge
> that some gets()'s are less dangerous than others
> but instead reject "safe" usages of gets() based on
I've worked on safety-critical SW (as in real possibility of a person
being killed if it goes wrong) and on SW where a crash would at most
make someone mutter something, so I think I am aware that in some
situations a potential (or real) bug is more serious than in other
situations.
<snip>
> If anyone has trouble understanding the absurdity and
> hypocrisy of this legalistic view, I refer them to answers
> previously given, here in the ng.
I don't consider the view to be hypocritical since I don't use gets in
my code (not even in throw-away code) and if I found it used in code I
was reviewing then I would reject that code.
Also see comments above on the likelihood of someone being aware of the
issues with gets when they post code here that uses it.
> Hope this helps, :-)
> James Hussein Allen
Here is another argument against using gets. It has now been deprecated
so you are limiting portability if you use it. After all, what with it
being deprecated it might not be available in implementations in 50
years' time! ;-)
--
Flash Gordon
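
The two wrappers suggested in the post above (a malloc() check that aborts with a message, and an fgets()-based line reader that strips the newline and reports overlong lines), as an added example that is not code from the thread. The names `xmalloc` and `read_line`, the return-code convention and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* malloc() wrapper: print a message and abort instead of returning NULL. */
void *xmalloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL) {
        fprintf(stderr, "xmalloc: out of memory (%zu bytes)\n", n);
        exit(EXIT_FAILURE);
    }
    return p;
}

/* Bounded stand-in for gets(): reads one line into buf[size], drops the '\n'.
 * Returns 1 for a complete line, 0 if the line was too long (the excess is
 * discarded and a diagnostic printed), -1 on EOF or error with nothing read. */
int read_line(char *buf, size_t size, FILE *in)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    int c = getc(in);                 /* no '\n' stored: look at what follows */
    if (c == EOF || c == '\n')
        return 1;                     /* last line, or line exactly filled buf */
    while (c != EOF && c != '\n')     /* overlong: discard the rest of the line */
        c = getc(in);
    fprintf(stderr, "read_line: line longer than %zu bytes, truncated\n", size - 1);
    return 0;
}

int main(void)
{
    FILE *in = tmpfile();             /* constructed sample input, not stdin */
    if (in == NULL) return EXIT_FAILURE;
    fputs("short\nthis line is far too long\nlast", in);
    rewind(in);
    char *buf = xmalloc(8);
    for (int rc; (rc = read_line(buf, 8, in)) != -1; )
        printf("%d \"%s\"\n", rc, buf);
    free(buf);
    fclose(in);
    return 0;
}
```

Unlike gets(), the reader never writes past `size` bytes, and discarding the tail of an overlong line keeps it from being misread as the next line.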