gets, fgets, scanf none is safe...

Keith Thompson

jaysome said:
The function gets() does not have an input size. But that didn't stop
the authors of the C standard from defining gets() to return a
pointer. If the return value is NULL, a read error occurred, and the
array contents are indeterminate. This implies that you must always
check the return value of gets(), if you want to avoid accessing
array contents that are indeterminate.

Yes, but checking the return value of gets() is not sufficient. If
gets() overflows its buffer, it's likely to do so silently, returning
a valid pointer to indicate success but giving no indication that it's
just clobbered some critical data. Applying strlen() to the result
might tell you that an overflow occurred, but by then it's far too
late.

Checking the return value of gets() is like checking your fuel gauge
after your car has crashed. It *might* tell you something useful, but
you have to consider the possibility that the gauge itself was damaged
in the crash. (In a more apt analogy, you wouldn't be sure whether
the car has crashed or not.)

jaysome said:
You can and should avoid the pitfalls of gets() (accessing array
contents that are indeterminate, and undefined behavior), by not using
gets().

Indeed.
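
An added example, not part of the posts above: a bounded line reader built on fgets(), which takes the array size that gets() lacks, so an overlong line is reported and discarded rather than written past the buffer. The names read_line, nth_line, demo_buf and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Bounded replacement for gets(): the caller passes the array size, so an
 * overlong line is reported instead of written past the end of buf.
 * Assumes text input without embedded NUL bytes and 2 <= size <= INT_MAX. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';          /* after a read error the contents are indeterminate */
        return LINE_EOF;        /* end of input or read error, nothing usable */
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';    /* complete line: strip the newline */
        return LINE_OK;
    }
    /* No newline stored: discard the rest of the line so the next call
     * starts on a fresh line. Any discarded character means truncation. */
    int c, truncated = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? LINE_TOO_LONG : LINE_OK;
}

static char demo_buf[8];        /* deliberately small, holds 7 characters */
/* Constructed demo: write `input` to a temporary file and return the
 * status of the n-th read_line() call (1-based); text lands in demo_buf. */
enum line_status nth_line(const char *input, int n)
{
    enum line_status st = LINE_EOF;
    FILE *f = tmpfile();
    if (f == NULL) return LINE_EOF;
    fputs(input, f);
    rewind(f);
    while (n-- > 0)
        st = read_line(f, demo_buf, sizeof demo_buf);
    fclose(f);
    return st;
}

int main(void)
{
    const char *input = "hello\nAAAAAAAAAAAAAAAAAAAAAAAA\nok";  /* constructed */
    for (int i = 1; i <= 4; i++)
        printf("%d: status=%d buf=\"%s\"\n", i, nth_line(input, i), demo_buf);
}
```

The overlong second line comes back as LINE_TOO_LONG with only the first 7 characters stored, and the following read still starts cleanly at "ok".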