Re: Why is it dangerous?



In article <3a0u94l248orcmuvn0o61gmjc9vrirkhfn@xxxxxxx>, Barry Schwarz <schwarzb@xxxxxxxx> wrote:
On Sun, 10 Aug 2008 09:27:13 +0100, "Malcolm McLean"
<regniztar@xxxxxxxxxxxxxx> wrote:


"Gordon Burditt" <gordonb.d6qjl@xxxxxxxxxxx> wrote in message
There is no non-dangerous gets() function with the same interface.
The non-dangerous function is called fgets().

This is a hardy annual.
Of course fgets() can be used safely, but won't be. For instance Richard
Heathfield posted a dangerous use of fgets() in this very thread. It will
give the wrong answer if the user enters a string of over 2000 characters.

Any code that does not check the status of "service requests" is
dangerous. But this is a result of sloppy programming. It is not an
inherent property of the request itself as a call to gets() is.

Since gets() returns the same indication both when the input overflows the
buffer allocated for it, and when it doesn't -- thus necessarily precluding
the possibility of any such status check -- it could be argued that the use of
gets() constitutes "sloppy programming" in and of itself.

Of course it is not dangerous in a little exercise program that doesn't do
anything, but then neither is gets().

I guess on your system undefined behavior can never do any harm.


To use fgets() safely you must check for the newline. If it is not present a
buffer overflow occurred. So you must then take action against the buffer to

Actually, a buffer overflow was prevented.

ensure that the next read doesn't get the remainder of the previous line.

The recommended action should be either:

Whatever the program needs to do to obtain the remainder of
the line so the input can be processed as intended.

Reject the input with appropriate notification to the user and
suitable follow-on action

Exactly so.
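
Added example, not code from any poster in this thread: one way to do the newline check discussed above and take the "reject the input" action, discarding the rest of an overlong line so the next read does not pick up its tail. The names read_line and enum line_status are assumptions made for this sketch, and the sample input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Read one line into buf, without its newline. An overlong line is drained
 * up to its newline so the next call starts on the next line; buf then holds
 * only the truncated head and the caller is expected to reject it. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || size > INT_MAX || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;              /* bad size, EOF or read error */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* the whole line fit */
        return LINE_OK;
    }

    /* No newline stored: the buffer filled up, or the input ended first. */
    int c = getc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;               /* exact fit, or unterminated last line */

    while (c != '\n' && c != EOF)     /* discard the rest of this line */
        c = getc(in);
    return LINE_TOO_LONG;
}

int main(void)
{
    /* Constructed input: the second line does not fit in an 8-byte buffer. */
    FILE *in = tmpfile();
    if (in == NULL)
        return 1;
    fputs("short\nthis line is far too long\nnext\n", in);
    rewind(in);

    char buf[8];
    enum line_status st;
    while ((st = read_line(in, buf, sizeof buf)) != LINE_EOF) {
        if (st == LINE_TOO_LONG)
            puts("rejected: line too long");
        else
            printf("line: %s\n", buf);
    }
    fclose(in);
    return 0;
}
```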


