cross-posted from: https://lemm.ee/post/4890334
cross-posted from: https://lemm.ee/post/4890282
let’s say I have this code
` #include #include char name[50]; int main(){ fgets(name,50,stdin); name[strcspn(name, “\n”)] = ‘\0’; printf(“hi %s”, name); }
` and I decide my name is “ewroiugheqripougheqpiurghperiugheqrpiughqerpuigheqrpiugherpiugheqrpiughqerpioghqe4r”, my program will throw some unexpected behavior. How would I mitigate this?
And, mind you,
fgetsis the safer replacement to the originalgets, which attempts to read a variable-length line into a fixed-length buffer.The manual has this to say about
gets—BUGS Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer se‐ curity. Use fgets() instead.Why is this even still in the library 🥲
Twenty years ago it kind of made sense. Ok it’s bad, but sometimes we’re just reading a local file fully under our control, maybe from old code that the source doesn’t exist anymore for, it’s such a core function that taking it out however badly needed will have some negative consequences.
At this point though, I feel like calling it should just play a loud, stern “NO!” over your speakers and exit the program.
The linker will complain at you —
dumb.c:(.text+0x2f): warning: the `gets' function is dangerous and should not be used.