473,322 Members | 1,232 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

gets() - dangerous?

Lee
Hi

Whenever I use the gets() function, the gnu c compiler gives a
warning that it is dangerous to use gets(). Is this due to the
possibility of array overflow? Is it correct that the program flow can
be altered by giving some specific calculated inputs to gets()? How
could anyone do so once the executable binary have been generated? I
have heard many of the security problems and other bugs are due to
array overflows.

Looking forward to your replies.
Lee

Dec 24 '05
302 18207

In article <pa****************************@dodo.com.au>, Netocrat <ne******@dodo.com.au> writes:
On Mon, 23 Jan 2006 16:16:11 +0000, Michael Wojcik wrote:
In article <pa****************************@dodo.com.au>, Netocrat
<ne******@dodo.com.au> writes:

The reason I think it's likely to be most acceptable is that it was
developed by the founders of the language. Someone with a mind to
architect a programming language as successful as C is likely to make a
good job of an accompanying style.
I'm not going to advocate for or against a particular style here, but
this argument seems very weak to me. I don't see any evidence to
support the thesis that a language designer is necessarily interested in
style in general.


I was considering C more specifically than that.


Fair enough. However:
I've encountered many
comments on the white book, none of them negative much beyond "it's
probably not so appropriate for total beginners" or "it's very condensed
and requires much consideration". In particular, I've never encountered a
contradiction of the claim that - and have fairly often encountered the
claim itself - the book is elegant in its concise expression of C idiom.
Well, we don't know how representative your sample is, but let's
assume that there's some popular consensus that the "expression of
C idiom", as you put it, in K&R is "elegant".
"Elegant" and "idiom" are close relatives of "style",


I don't think so. That may be because I have a degree in literature
and am married to a rhetorician, but I believe this is a hard thesis
to support. I can see a possible case for defining "style" in terms
of pragmatics, ie as something like "choice of idiom and manner of
its expression in the context of the utterance", but "elegance" is at
best only one possible dimension of style (and a rather nebulous one
at that).

Further, I can see plenty of potential arguments in favor of inelegant
styles (eg ones that advocate certain kinds of verbose description or
adherence to rigidly-defined templates). I might not make such
arguments myself, but they demonstrate that style can be argued at
cross-purposes to elegance.

However, this has gotten pretty far off-topic, and my point was quite
narrow to begin with: I'm not buying your argument for favoring K&R
style, but I don't have any objection to your favoring it, personally
or for the Wiki. And for all I know your argument may seem plausible
to many.
But in the end, it's the editors of the Wiki who are doing the work, and
the decision should be yours.


Any c.l.c reader is a potential editor, so some newsgroup discussion prior
to making a decision helps us make sure it's an appropriate one.


Sure, in principle, and I'm all for discussion, but in practice some
people will be doing the work, and it seems only right to let them
make the decisions - though it's very kind of them to listen to other
opinions.

--
Michael Wojcik mi************@microfocus.com

Advertising Copy in a Second Language Dept.:
The precious ovum itself is proof of the oath sworn to those who set
eyes upon Mokona: Your wishes will be granted if you are able to invest
it with eternal radiance... -- Noriyuki Zinguzi
Jan 26 '06 #301
Al Balmer wrote:
On Thu, 26 Jan 2006 13:29:05 +1300, Ian Collins <ia******@hotmail.com>
wrote:

Mark McIntyre wrote:
As someone else has already mentioned, type placement on a line
by itself allows grep to easily find a defintion when you're faced with
multiple source files (grep ^func *.c) so we can see a few benefits in
doing so.
Sure, but again, who needs such "primitive" tools when sensible editor
suites can do this just as easily :-)


What if you wish to manipulate files outside of you editor?

So, you locate your file with grep. What are you going to do with it?
Edit it with sed?

Why not?

--
Ian Collins.
Jan 26 '06 #302
On Fri, 27 Jan 2006 08:29:14 +1300, in comp.lang.c , Ian Collins
<ia******@hotmail.com> wrote:
Al Balmer wrote:
On Thu, 26 Jan 2006 13:29:05 +1300, Ian Collins <ia******@hotmail.com>
wrote:
What if you wish to manipulate files outside of you editor?


So, you locate your file with grep. What are you going to do with it?
Edit it with sed?

Why not?


Gack.

Time to check your insurance policy - your orthodontist appears to
have slipped, and accidentally removed your frontal lobes...

gd&r
Mark McIntyre
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it."
--Brian Kernighan

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Jan 26 '06 #303

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

32
by: Marcus | last post by:
We all know that the "gets" function from the Standard C Library (which is part of the Standard C++ Library) is dangerous. It provides no bounds check, so it's easy to overwrite memory when using...
57
by: Eric Boutin | last post by:
Hi ! I was wondering how to quickly and safely use a safe scanf( ) or gets function... I mean.. if I do : char a; scanf("%s", a); and the user input a 257 char string.. that creates a...
89
by: Cuthbert | last post by:
After compiling the source code with gcc v.4.1.1, I got a warning message: "/tmp/ccixzSIL.o: In function 'main';ex.c: (.text+0x9a): warning: the 'gets' function is dangerous and should not be...
280
by: jacob navia | last post by:
In the discussion group comp.std.c Mr Gwyn wrote: < quote > .... gets has been declared an obsolescent feature and deprecated, as a direct result of my submitting a DR about it (which...
104
by: jayapal | last post by:
Hi all, Whenever I use the gets() function, the gnu c compiler gives a warning that it is dangerous to use gets(). why...? regards, jayapal.
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.