Re: gets() is dead

Charles Richmond wrote:
Tor Rustad wrote:
jacob navia wrote:

[...]

This is a very positive development. After all those discussions,
reason prevailed and we got rid of that wart.

These days, there should be no experienced C programmers using gets()
in security sensitive programs anyway, so I don't see the big fuzz about
this.

I have done a number of C code audits in safety-critical systems, and never
seen a single gets(), and didn't expect such a trivial bug either.

Who cares what students use?

I don't.


Hey, I use gets() all the time in "quick and dirty"
programs. I have some programs that take data in
flat files and create scripts of SQL statements to
add the data to a MySQL database. I just can *not*
see how gets() is going to cause me a security problem
here.

Also, in writing an adventure game or any other game
without secure access, that using gets() is okay.

But gcc still dogs me about using gets(). :-( I could
deal with a warning message, but gcc incorporates code
to print out a nasty message *every* time I run my code.
No fair... ;-)

gcc incorporates no such code, and if your particular standard C
library implementation does, it's broken. See if an upgrade is
available.

.