Re: Why is it dangerous?



On Aug 9, 5:42 pm, Julian <j...@xxxxxxxxxxxxxx> wrote:
[...] When I compile a program from our C course with a windows
compiler there is no problem but when I try to compile it with a
linux compiler it complains that

a_03.c:(.text+0x4d): warning: the `gets' function is dangerous
and should not be used.

Is linux more dangerous than windows?

You have to be kidding me. There were BSODs being projected as images
inadvertently during the recent Beijing Olympic Games, and they are
very common occurrences on airport terminal displays. Can you even
describe to me what a Kernel Panic is? Do you know of anyone who has
ever even seen one?

The gcc compiler (which is not Linux specific, BTW) is trying to give
you a warning about the use of gets(). The other compilers you are
using are not. Those other compilers are not doing you a very good
service, because this comment from gcc is correct (and it applies
regardless of which OS or compiler you are using.)

[...] Where can I download a non dangerous gets function?

Of course the standards people here probably don't even have the first
clue how to interpret this request. They don't realize that the
problem is not with you, but in fact is with them. They don't realize
that it's not good enough to deprecate this function in a standard
nobody is going to follow anymore, or to issue warnings or document
something that says this is bad. They have to functionally poison
this function so *NO ATTEMPT* at making it work will ever succeed.

[...] I have never used gets before is
there undefined behavior somewhere?

Indeed there is. The mere usage of it invokes undefined behavior.

Here is a trimmed down example program from my assignment that
demonstrates the problem

#include <stdio.h>
#include <malloc.h>

You should use #include <stdlib.h> as it is included in all ANSI
compatible systems (malloc.h is not).

void main()
{
    char *string;
    printf("enter string (max 2000 chars): ");
    fflush(stdin);

I'm not sure this makes any sense. Either way, it cannot semantically
do anything useful.

    fflush(stdout);

This is not guaranteed to cause the printf() line to actually flush.
This only causes it to flush from the language's point of view, not
the underlying system's point of view. I would recommend just putting
a \n at the end of the prompt string and forgetting all about these
flushes.

    string = (char *)malloc(2001);
    if(!string) exit(1);
    gets(string);

Remember: gets() *ALWAYS* exhibits undefined behavior. Even if it
appears to have accepted input text correctly, you have no expectation
that it has not also installed a virus on your machine or manipulated
the numbers in all your spreadsheets as well or posted your passwords
to alt.scientology or turned on your webcam and posted images to
4chan. You can try to hobble along with fgets() as an alternative or
use the code given here:

http://www.azillionmonkeys.com/qed/userInput.html

    printf("you entered: %s\n", string);
    free(string);
    exit(0);
}

On windows with TurboC and Lcc no error is printed. On linux with
gcc it says gets is dangerous.

It's actually the gcc linker which is giving you this message.
(Because it's wrong even if invoked indirectly through some other
programming language.) The function gets() can never be used properly.

Please advise my instructor says gcc is overly pedantic.

Your instructor's comments are non sequitur. More man years of work
has gone into gcc than years your instructor has lived.

--
Paul Hsieh
http://www.pobox.com/~qed/
http://bstring.sf.net/
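
A bounded replacement for the gets() call discussed in this post, built on fgets(), as an added example (not code from the post or from the linked page). The names `read_line` and `sample_input` are hypothetical, and the input is constructed; the point is that an over-long line is reported and discarded instead of overrunning the 2001-byte buffer.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical helper, not from the post. Reads one line into buf[cap].
 * Returns 0 for a complete line, 1 if the line did not fit and its tail
 * was discarded, -1 on EOF or error with nothing read. */
int read_line(FILE *in, char *buf, size_t cap)
{
    int c, truncated = 0;
    size_t len;
    if (cap == 0 || cap > INT_MAX || fgets(buf, (int)cap, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fit; drop the newline */
        return 0;
    }
    /* No newline stored: the line ended at EOF, or it was longer than
     * cap-1. Consume the remainder so the next call starts on a new line. */
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Constructed sample input: "hello", a 3000-character line, then "tail"
 * with no trailing newline. */
FILE *sample_input(void)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs("hello\n", f);
    for (int i = 0; i < 3000; i++)
        putc('A', f);
    fputs("\ntail", f);
    rewind(f);
    return f;
}

int main(void)
{
    char buf[2001];                   /* same 2000-char limit as the post */
    FILE *f = sample_input();
    int rc;
    if (f == NULL) return 1;
    while ((rc = read_line(f, buf, sizeof buf)) != -1)
        printf("rc=%d len=%lu\n", rc, (unsigned long)strlen(buf));
    fclose(f);
    return 0;
}
```
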