cross-posted from: https://lemm.ee/post/4890334

cross-posted from: https://lemm.ee/post/4890282

let’s say I have this code

` #include #include char name[50]; int main(){ fgets(name,50,stdin); name[strcspn(name, “\n”)] = ‘\0’; printf(“hi %s”, name); }

` and I decide my name is “ewroiugheqripougheqpiurghperiugheqrpiughqerpuigheqrpiugherpiugheqrpiughqerpioghqe4r”, my program will throw some unexpected behavior. How would I mitigate this?

  • fubo@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    1 year ago

    And, mind you, fgets is the safer replacement to the original gets, which attempts to read a variable-length line into a fixed-length buffer.

    The manual has this to say about gets

    BUGS
           Never use gets().  Because it is impossible to tell without knowing the
           data  in  advance  how  many  characters  gets() will read, and because
           gets() will continue to store characters past the end of the buffer, it
           is  extremely dangerous to use.  It has been used to break computer se‐
           curity.  Use fgets() instead.
    
    • mo_ztt ✅@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Why is this even still in the library 🥲

      Twenty years ago it kind of made sense. Ok it’s bad, but sometimes we’re just reading a local file fully under our control, maybe from old code that the source doesn’t exist anymore for, it’s such a core function that taking it out however badly needed will have some negative consequences.

      At this point though, I feel like calling it should just play a loud, stern “NO!” over your speakers and exit the program.

      • fubo@lemmy.world
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Why is this even still in the library 🥲

        The linker will complain at you —

        dumb.c:(.text+0x2f): warning: the `gets' function is dangerous and should not be used.