gets(3) nonsense

Litmaath Maarten maart at cs.vu.nl
Thu Nov 17 05:52:14 AEST 1988 

In article <453 at auspex.UUCP> guy at auspex.UUCP (Guy Harris) writes:
\>\"Intended" in what sense?  Somebody put it in there so that people would
\>\deliberately write programs using it, and thus would write programs that
\>\could be made to fail by sending them lines longer than they expect? 
\>
\>Hey people! I just found out somebody put a nasty little program in /bin!
\>It's called `rm'. If you type `rm *', all your files will disappear!
\
\You've totally missed the point.
\
\Somebody might want all the files in a given directory to disappear.  I
\have difficulty imagining anybody who *wants* to write a program that
\blows up when you feed too-long lines at it.

Allright. I tried `clarification through exaggeration', and obviously I failed.
If you want to copy part of a string into a buffer, do you complain you can't
give a count to strcpy()? Or do you say: hey, strcpy() doesn't do what I want,
let's use another function (which happens to be strncpy())?

\>\Or somebody put it in there so that you could avoid the nasty run-time
\>\overhead of checking string bounds?
\>
\>Of course!
\
\"Of course somebody put it in so you can avoide string bounds checking?"
\I dispute this.  Got any references handy to prove your assertion?

No no! "Of course somebody put it in so you can avoid the nasty run-time
overhead!" Indeed, one could doubt if the writer of gets() really had that
very point in mind, but it sure comes in handy right now.

\>If you want security, use fgets()!
\
\I want security.  I want everyone *else* to want security.  I don't want
\programs that die randomly if they get handed lines that are too long. 
\Programs like that are rude.

So use fgets()! You're right insofar that public utilities should use fgets()
(or something equivalent), but there ARE cases in which you can be absolutely
sure how stdin is formatted (or cases in which one simply says: if stdin is
badly formatted, bad luck - YOU f*ck around, YOU get the core dump!).
Read Doug Gwyn's articles on this subject.
-- 
fcntl(fd, F_SETFL, FNDELAY):          |Maarten Litmaath @ VU Amsterdam:
      let's go weepin' in the corner! |maart at cs.vu.nl, mcvax!botter!maart

More information about the Comp.lang.c mailing list