[ale] gets() in C++

Eric Z. Ayers eric.ayers at mindspring.com
Tue Jun 27 19:36:52 EDT 2000
gets() is unsafe in any language, because you pass a buffer to it, and 
gets() can't tell how long the buffer is.  The danger is that the
stream you are reading from might intentionally exploit this and
overrun the end of your statically sized buffer allocated on the stack 
and proceed to write its own instructions in its place.  Use fgets()
instead.  It does the same thing, but you pass it the size of the
buffer.  Better yet, use some C++-ism like the functions in iostream.h.

-Eric.

David S. Jackson writes:
 > Can anyone tell me why using gets() in C++ might be unsafe?  When
 > I compile a C++ program using it I get a warning from a compiler
 > in FreeBSD that says:  Program uses gets(); this might be unsafe.
 > 
 > I'm just using c++ -o string string.cc for an invocation.
 > 
 > Sheesh!  :-(  
 > 
 > --
 > David S. Jackson                       http://www.dsj.net
 > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 > Fear of misfortune is worse than misfortune itself.
 >             --Najile S. Khoury
 > --
 > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
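The bounded replacement Eric recommends, written out as an added example (it is not code from this thread, and `read_line`, `demo_bounded_read` and the `LINE_*` status values are names chosen here). It wraps fgets() so that an over-long line is truncated instead of overrunning the buffer, and it also handles the part fgets() leaves to the caller: the newline it keeps, and the tail of an over-long line that would otherwise be returned by the next read. The input is a constructed string opened with fmemopen() so the example runs offline.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Status of one bounded line read (names chosen for this example). */
enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* read_line: a gets() replacement built on fgets().
 * Stores at most size-1 bytes plus a terminating NUL in buf, strips the
 * trailing newline, and, when the line did not fit, discards the rest of
 * it so the next call starts on a fresh line rather than on the leftover
 * bytes that gets() would have written past the end of the buffer. */
int read_line(char *buf, size_t size, FILE *in)
{
    if (buf == NULL || size == 0)
        return LINE_EOF;
    buf[0] = '\0';
    if (fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;                 /* EOF or read error: nothing stored */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* complete line: drop the newline */
        return LINE_OK;
    }
    /* No newline: either the final line has none, or the line was longer
     * than the buffer. Peek one byte to tell the two cases apart. */
    int c = fgetc(in);
    if (c == EOF)
        return LINE_OK;                  /* last line, simply unterminated */
    while (c != '\n' && c != EOF)        /* over-long line: drain the rest */
        c = fgetc(in);
    return LINE_TRUNCATED;
}

/* demo_bounded_read: feeds a constructed over-long line into a 16-byte
 * buffer sandwiched between two guard bytes and checks that the guards
 * survive and that the following line is read intact.
 * Returns 1 when every check passes, 0 otherwise. */
int demo_bounded_read(void)
{
    /* constructed input: a 68-byte line that cannot fit, then a short one */
    static const char input[] =
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
        "short\n";
    FILE *in = fmemopen((void *)input, sizeof input - 1, "r");
    if (in == NULL)
        return 0;

    /* all-char struct: no padding, so an overrun of buf would hit 'after' */
    struct { char before; char buf[16]; char after; } frame = { 'G', {0}, 'G' };
    int ok = 1;

    /* 1: over-long line is cut to 15 bytes, rest drained, guards untouched */
    ok &= read_line(frame.buf, sizeof frame.buf, in) == LINE_TRUNCATED;
    ok &= strcmp(frame.buf, "AAAAAAAAAAAAAAA") == 0;
    ok &= frame.before == 'G' && frame.after == 'G';

    /* 2: next call sees the next line, not the leftover A's */
    ok &= read_line(frame.buf, sizeof frame.buf, in) == LINE_OK;
    ok &= strcmp(frame.buf, "short") == 0;

    /* 3: end of input is reported, not mistaken for an empty line */
    ok &= read_line(frame.buf, sizeof frame.buf, in) == LINE_EOF;

    fclose(in);
    return ok;
}

int main(void)
{
    printf("bounded read demo: %s\n", demo_bounded_read() ? "ok" : "FAILED");
    return demo_bounded_read() ? 0 : 1;
}
```

The guard bytes only make the point visible; the protection comes from fgets() receiving `sizeof frame.buf`. In the C++ program from the original question, `std::getline(std::cin, line)` into a `std::string` removes the fixed-size buffer altogether, which is the "C++-ism" Eric alludes to.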