Re: gets() is dead




"Keith Thompson" <kst-u@xxxxxxx> wrote in message

If you insist on writing unsafe code, nobody can stop you.

Actually the compiler can. It is possible, though unfortunately not easy, to write a compiler that handles buffer overflows on gets() correctly and safely, by terminating the program with an error message.

It's trivial to write your own function that works the same way gets()
does. (It's also trivial to write an equivalent of gets() that
doesn't have the same problem, something like fgets() that deletes the
trailing '\n' character.)

You haven't read the subthread. If it was trivial to use fgets() safely then people wouldn't have had such trouble creating correct code. Chuck Falconer's ggets() does actually appear to work, but look at the number of conditions in the code he posted. You'd expect at least one bug in code of that complexity until after thorough testing.
The problem with code that does the wrong thing, as opposed to code that invokes undefined behaviour, is that the compiler is obliged to honour a controlled flight into terrain. If you tell the computer to read only the first 10 digits of an 11-digit field, because you've forgotten space for the NUL in passing MAXLINLEN to fgets(), then the computer is obliged to return a value that is out by a factor of ten. If you tell it to overrun the buffer by one, it may return a number out by a factor of ten, but it will probably crash, we can write a compiler that guarantees it will crash, and it is almost certainly better that it crash than that it calculate the wrong value.

But if you want to shoot yourself in the foot, don't expect us to load
the gun for you. We just *might* unknowingly run your code ourselves
some day. And if your problem with C is that it does too much to
prevent buffer overflows, I'd rather not do that.

--
Free games and programming goodies.
http://www.personal.leeds.ac.uk/~bgy1mm
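
The truncation case discussed in the post above, as an added example that is not part of the original thread: an 11-digit field read through fgets() with an 11-byte buffer silently yields a value out by a factor of ten, while a wrapper that checks for the missing newline reports the short read instead. The names read_line, naive_value and checked_value, the value chosen for MAXLINLEN, and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXLINLEN 11 /* constructed bug: 11-digit field, no room for the NUL */
enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* fgets() wrapper: strips the '\n' and reports a line that did not fit,
   discarding its tail so the next read starts on a fresh line. */
enum line_status read_line(char *buf, int size, FILE *fp) {
    if (fgets(buf, size, fp) == NULL) return LINE_EOF;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') { buf[len] = '\0'; return LINE_OK; }
    int c = getc(fp);                 /* no newline stored: look ahead */
    if (c == EOF || c == '\n') return LINE_OK; /* content fit exactly */
    while ((c = getc(fp)) != '\n' && c != EOF) { }
    return LINE_TRUNCATED;
}

/* Put constructed sample text in a temporary file so fgets() can read it. */
static FILE *make_input(const char *text) {
    FILE *fp = tmpfile();
    if (fp) { fputs(text, fp); rewind(fp); }
    return fp;
}

/* Unchecked fgets(): returns whatever digits fit in the buffer. */
long long naive_value(const char *text) {
    char buf[MAXLINLEN];
    long long v = -1;
    FILE *fp = make_input(text);
    if (fp && fgets(buf, MAXLINLEN, fp)) v = strtoll(buf, NULL, 10);
    if (fp) fclose(fp);
    return v;
}

/* Checked read: returns 0 and stores the value, or -1 on a short read. */
int checked_value(const char *text, long long *out) {
    char buf[MAXLINLEN];
    FILE *fp = make_input(text);
    if (!fp) return -1;
    enum line_status st = read_line(buf, MAXLINLEN, fp);
    fclose(fp);
    if (st != LINE_OK) return -1;
    *out = strtoll(buf, NULL, 10);
    return 0;
}
```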

