Why is the gets function so dangerous that it should not be used?

In order to use gets safely, you have to know exactly how many characters you will be reading, so that you can make your buffer large enough. You will only know that if you know exactly what data you will be reading.

Instead of using gets, you want to use fgets, which has the signature

char* fgets(char *string, int length, FILE * stream);

(fgets, if it reads an entire line, will leave the '\n' in the string; you’ll have to deal with that.)

gets remained an official part of the language up to the 1999 ISO C standard, but it was officially removed in the 2011 standard. Most C implementations still support it, but at least gcc issues a warning for any code that uses it.

Related Posts:

  1. Why do I get an assertion failure?
  2. Difference between scanf() and fgets()
  3. How to read from stdin with fgets()?
  4. Why I do get “Cannot find bound of current function” when I overwrite the ret address of a vulnerable program?
  5. Removing trailing newline character from fgets() input
  6. Reaching EOF with fgets
  7. Implementing Taylor Series for sine and cosine in C
  8. warning: implicit declaration of function
  9. pthread_join() and pthread_exit()
  10. Why should we typedef a struct so often in C?
  11. What is the difference between ++i and i++?
  12. Undefined reference to pthread_create in Linux
  13. Stack smashing detected
  14. Why am I getting “void value not ignored as it ought to be”?
  15. Pointer Arithmetic
  16. dereferencing pointer to incomplete type
  17. Openssl : error “self signed certificate in certificate chain”
  18. Get a substring of a char* [duplicate]
  19. How do I create an array of strings in C?
  20. How do function pointers in C work?
  21. Expression must be a modifiable L-value
  22. “Expected expression before ‘ { ‘ token”
  23. How to generate a random int in C?
  24. How do I use valgrind to find memory leaks?
  25. C pointers and arrays: [Warning] assignment makes pointer from integer without a cast
  26. What is the difference between char s[] and char *s?
  27. Error “initializer element is not constant” when trying to initialize variable with const
  28. munmap_chunk(): invalid pointer
  29. What is the LD_PRELOAD trick?
  30. What is the argument for printf that formats a long?
  31. Cannot assign requested address – possible causes?
  32. Using %s in C correctly – very basic level
  33. How do you make an array of structs in C?
  34. need help understanding the movzbl call in this function
  35. What is the difference between read and pread in unix?
  36. What does “control reaches end of non-void function” mean?
  37. How to create my own header file in c++?
  38. connect Error: “No route to host”
  39. warning: implicit declaration of function
  40. C dynamically growing array
  41. Returning string from C function
  42. Difference between int32, int, int32_t, int8 and int8_t
  43. Char Comparison in C
  44. C compile error: “Variable-sized object may not be initialized”
  45. What does WEXITSTATUS(status) return?
  46. Difference between a Structure and a Union
  47. Xcode – Warning: Implicit declaration of function is invalid in C99
  48. what is the unsigned datatype?
  49. lvalue required as left operand of assignment
  50. how to convert negative hexadecimal to decimal
  51. Why am I getting “undefined reference to sqrt” error even though I inclu de math.h header?
  52. Reading a string with scanf
  53. How to initialize a struct in accordance with C programming language standards
  54. Expression preceding parentheses?
  55. Linux equivalent of I_PUSH
  56. Understanding INADDR_ANY for socket programming
  57. getopt_long() — proper way to use it?
  58. C read file line by line
  59. The Definitive C Book Guide and List[
  60. When is it a good idea to use strdup (vs malloc / strcpy)
  61. C read file line by line
  62. Copying a part of a string (substring) in C
  63. expression must have integral type
  64. Incompatible implicit declaration of built-in function ‘malloc’
  65. Why is %c used in C?
  66. Need more information about Aborted (core dumped)
  67. What is Innermost loop in imperfectly nested loops?
  68. What’s wrong with my code? What is argv[1]?
  69. What can cause a “Resource temporarily unavailable” on sock send() command
  70. How to solve error: expected identifier or ‘(‘
  71. Reversing a string in C
  72. When a number is written as 0x00… what does the x mean
  73. How to remove the character at a given index from a string in C?
  74. waitpid, wnohang, wuntraced. How do I use these
  75. Split string with delimiters in C
  76. How to pause in C?
  77. (.text+0x20): undefined reference to `main’ and undefined reference to function
  78. Why am I getting this error: “data definition has no type or storage class”?
  79. I’m getting “Invalid Initializer”, what am I doing wrong?
  80. Writing binary number system in C code
  81. How to make sense of modulo in c
  82. Error: initializer element is not computable at load time
  83. Convert char array to string use C
  84. warning: passing argument ’from incompatible pointer type [enabled by default]’
  85. Return a `struct` from a function in C
  86. Scanning Multiple inputs from one line using scanf
  87. xorl %eax – Instruction set architecture in IA-32
  88. Which of sprintf/snprintf is more secure?
  89. Allocating char array using malloc
  90. Implementation of strtok() function
  91. switch case: error: case label does not reduce to an integer constant
  92. warning: incompatible implicit declaration of built-in function ‘printf’ [enabled by default]
  93. warning: return makes pointer from integer without a cast but returns integer as desired
  94. The difference between char * and char[] [duplicate]
  95. How to clear input buffer in C?
  96. What primitive data type is time_t? [duplicate]
  97. Usage of \b and \r in C
  98. Parsing command-line arguments in C
  99. Compiler warning – suggest parentheses around assignment used as truth value
  100. lvalue required as increment operand

Leave a Comment