WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93115 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
using the "gets()" function in C
Started by
Kariya
, Apr 24 2010 09:56 PM
3 replies to this topic
#1
Kariya
-
- Authentic Member
-
- 15 posts
New Member
- Interests:Music, video games, computers, anime
Posted 24 April 2010 - 09:56 PM
Register to Remove
#2
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 26 April 2010 - 01:47 AM
Hi there,
gets does indeed have a security flaw, in that the size of the receiving buffer you provide it is not checked and you can't specify a limit on the number of characters to read (so it is easy to produce a buffer overflow error).
Rather than using scanf as a workaround, I'd go with fgets, since it is much closer to what you are trying to replace.
As for what the compiler is telling you, well it depends on the compiler you are using. gcc for example will produce a warning about the security issue, but will still compile the program. If the only warnings you are getting mention gets' security issue then you know there is nothing wrong with your program. If the errors are talking about something else, then you need to look at your code.
Hope that helps, let me know if you have any more questions.
gets does indeed have a security flaw, in that the size of the receiving buffer you provide it is not checked and you can't specify a limit on the number of characters to read (so it is easy to produce a buffer overflow error).
Rather than using scanf as a workaround, I'd go with fgets, since it is much closer to what you are trying to replace.
As for what the compiler is telling you, well it depends on the compiler you are using. gcc for example will produce a warning about the security issue, but will still compile the program. If the only warnings you are getting mention gets' security issue then you know there is nothing wrong with your program. If the errors are talking about something else, then you need to look at your code.
Hope that helps, let me know if you have any more questions.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#3
Kariya
-
- Authentic Member
-
- 15 posts
New Member
- Interests:Music, video games, computers, anime
Posted 28 April 2010 - 09:55 PM
I rewrote the program and it ended up working (turns out the errors were made by me )
I tried replacing scanf with fgets but then I get an error saying "too few arguments to function ‘fgets’ "
)I tried replacing scanf with fgets but then I get an error saying "too few arguments to function ‘fgets’ "
#4
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 29 April 2010 - 12:56 AM
fgets needs a couple more parameters than gets, since we also need to specify the buffer size, and the file we're reading from (stdin in this case).
So, where you might have had code that looked like this:
More info on fgets here:
http://www.cplusplus...y/cstdio/fgets/
Hope that helps.
So, where you might have had code that looked like this:
char buffer[50]; gets(buffer);it should now look like this:
char buffer[50]; fgets(buffer, 50, stdin);
More info on fgets here:
http://www.cplusplus...y/cstdio/fgets/
Hope that helps.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
