retiring gets(3)
Rob Bernardo
rob at pbhyf.PacBell.COM
Fri Nov 11 10:22:25 AEST 1988
Doug Gwyn:
+By the way, have you removed scanf() from your C library as well? Or
+sprintf()? Or strcpy()? They can be misused in the same way as gets().
+Let us know how happy your customers are once ALL such routines are gone.
Wallis:
+Actually, I don't understand the argument that
+gets() should be removed because it can overrun
+the buffer. What's to prevent the following (and
+how is it different from gets?):
+
+ char some_string[10];
+
+ fgets( some_string, 2147483647, stdin );
I think we need to make a distinction between three similar but different
situations.
1. One set of functions (e.g. gets()) deal with file input of indeterminate
size.
2. Other functions (e.g. fgets()) deal with file input of limited size.
3. Yet other functions (e.g. strcpy()) deal with data internal to the program.
In order to guarantee that the buffer used by functions of type 1 will not
overflow, the programmer has to guarantee something *outside* the program:
that none of the lines in the file being read will ever exceed the buffer size.
Often the programmer cannot guarantee this.
But with functions of type 2 and 3, the programmer merely has to size things
*within* the program appropriately. The programmer *always* has the
capability to do this.
Scanf() and fscanf() can fit into type 1 or type 2 depending on whether
a field width is used in each conversion specification.
--
Rob Bernardo, Pacific Bell UNIX/C Reusable Code Library
Email: ...![backbone]!pacbell!pbhyf!rob OR rob at pbhyf.PacBell.COM
Office: (415) 823-2417 Room 4E750A, San Ramon Valley Administrative Center
Residence: (415) 827-4301 R Bar JB, Concord, California
More information about the Comp.lang.c
mailing list