05-27-2010, 12:02 AM   #16
graemef

Here is a version of the code:
Code:
#include <stdio.h>
int main(void)
{
   char str[10];
   int size = 10;
   /* gets() takes no length limit: more than 9 characters overflows str */
   gets(str);
   printf("message: '%s'. Size: %d\n",str,size);
   return 0;
}
I can compile it as follows:
Code:
$ gcc test.c
/tmp/ccgy3XXc.o: In function `main':
test.c:(.text+0x19): warning: the `gets' function is dangerous and should not be used.
And then run it...
Code:
$ ./a.out
Hello
message: 'Hello'. Size: 10
$ ./a.out
Hello World
message: 'Hello World'. Size: 100
Notice how when I run it a second time the size changes from 10 to 100. This is (as many others have said) because gets doesn't limit the size of the input. I have entered more than the 10 characters that str can hold and so the data overflows into (in this case) the next variable which just happens to be size. Which I hope explains the warning message.

So if gets() is out what should be used? Again as already mentioned fgets() fills the role in a safer way.
Code:
#include <stdio.h>
int main(void)
{
   char str[10];
   int size = 10;
   /* fgets() stores at most size-1 characters plus the terminating '\0' */
   fgets(str,size,stdin);
   printf("message: '%s'. Size: %d\n",str,size);
   return 0;
}
compile thusly:
Code:
$ gcc test.c
and no warnings looking good...
Code:
$ ./a.out
Hello
message: 'Hello
'. Size: 10
$ ./a.out
Hello World
message: 'Hello Wor'. Size: 10
The good news is that no more than size -1 characters are read in and so the memory is not being stomped all over. The not so wonderful news is that the new line character is retained if it was reached and I don't know if I have reached the end of the input.

These limitations can be addressed by using the strlen() function and then looking for the newline character. Left as an exercise.

Last edited by graemef; 05-27-2010 at 12:05 AM.
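
The exercise left open in the post above (strip the retained newline and tell whether the whole line was read), as an added example that is not part of the original thread. The names read_line, nth_line, SAMPLE and the status values are hypothetical, and tmpfile() is used only to feed the constructed sample input:

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line into buf (capacity size). Strips the newline; if the line
   did not fit, discards the rest so the next call starts on a fresh line. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;              /* end of input, read error or no room */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fitted: drop the newline */
        return LINE_OK;
    }
    /* No newline stored: the line was too long, or input ended without one. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input; the last line has no trailing newline. */
static const char SAMPLE[] = "Hello\nHello World\nHello Wor\nbye";
char last_line[10];                   /* same capacity as str in the post */

/* Demo helper (hypothetical): status of the nth line (0-based) of text,
   with that line's stored contents left in last_line. */
enum line_status nth_line(const char *text, int n)
{
    enum line_status st = LINE_EOF;
    FILE *f = tmpfile();
    if (f == NULL) return LINE_EOF;
    fputs(text, f);
    rewind(f);
    for (int i = 0; i <= n; i++)
        st = read_line(f, last_line, sizeof last_line);
    fclose(f);
    return st;
}

int main(void)
{
    for (int i = 0; i < 5; i++)
        printf("line %d: status %d\n", i, nth_line(SAMPLE, i));
    return 0;
}
```

A 9-character line followed by a newline is reported as LINE_OK rather than truncated, because the only character left to discard is the newline itself.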
 
05-27-2010, 02:58 AM   #17
smeezekitty

^ pfffft - you worry about everything so much.
Those who want security at the expense of freedom [to use any function you want], deserve neither. -Benjamin Franklin
 
05-27-2010, 03:15 AM   #18
graemef

Quote:
Originally Posted by smeezekitty
^ pfffft - you worry about everything so much.
Those who want security at the expense of freedom [to use any function you want], deserve neither. -Benjamin Franklin
If too much data is entered into the gets() function you will get a segmentation fault. Given that as the developer you don't know how much data will be entered, the use of gets() can result in an unstable program. It's not just about security; it's also about stability.
 
05-28-2010, 10:39 AM   #19
bigearsbilly

use fgets instead of gets

char *fgets(char *s, int size, FILE *stream);

try man gets

if not, get the C man pages installed on your system.
unfortunately some distros don't have them by default.

which is crap IMHO.

a char * is not the same as a char buffer[SZ]

a char * points to a single character which may or may not be part of a
larger array.

a char * uninitialised points nowhere useful and probably somewhere illegal
 
  

