retiring gets(3)

Doug Gwyn gwyn at smoke.BRL.MIL
Sat Nov 12 13:50:14 AEST 1988


In article <2566 at ihlpm.ATT.COM> snafu at ihlpm.ATT.COM (00704a-Wallis) writes:
-Actually, I don't understand the argument that
-gets() should be removed because it can overrun
-the buffer. What's to prevent the following (and
-how is it different from gets?):
-	char	some_string[10];
-	fgets( some_string, 2147483647, stdin );

The main difference is that the above example would immediately
raise a flag in the mind of almost any competent programmer reading
the code, whereas we have not yet attained that degree of awareness
concerning gets() on uncontrolled sources of input.

strcpy() also is widely abused, so my mentioning it was not spurious.
The solution is not to ban potentially dangerous tools, but to ensure
that people are properly trained in their safe use.
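An added example, not part of the original post: one way to make the bound in an fgets() call track the buffer it fills, so the mismatch in the quoted snippet cannot arise, while also reporting over-long lines. The helper read_line(), the struct demo, and the sample input are assumptions constructed for this illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: read one line into buf[size], stripping the newline.
 * Returns 0 for a complete line, 1 if the line was longer than the buffer
 * (the excess is discarded), -1 on EOF/error with nothing read. */
int read_line(char *buf, size_t size, FILE *in)
{
    if (size == 0 || size > INT_MAX || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit */
        return 0;
    }
    /* No newline stored: drain the rest so the next call starts on a new
     * line, and report truncation only if real characters were dropped. */
    int c, dropped = 0;
    while ((c = getc(in)) != '\n' && c != EOF)
        dropped = 1;
    return dropped;
}

struct demo { char first[10], second[10]; int r1, r2; };

/* Runs read_line() over constructed input held in a temporary file. */
struct demo run_demo(void)
{
    struct demo d = { "", "", -1, -1 };
    FILE *in = tmpfile();
    if (in == NULL)
        return d;
    fputs("0123456789ABCDEF\nshort\n", in);   /* constructed sample input */
    rewind(in);
    /* sizeof ties the bound to the array, unlike a hand-typed constant. */
    d.r1 = read_line(d.first, sizeof d.first, in);
    d.r2 = read_line(d.second, sizeof d.second, in);
    fclose(in);
    return d;
}

int main(void)
{
    struct demo d = run_demo();
    printf("%d \"%s\"\n%d \"%s\"\n", d.r1, d.first, d.r2, d.second);
    return 0;
}
```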


