Menu
It seems to me, people, especially when learning the C programming language, are still using the gets function to read in data from stdin. Despite that it has now been removed1 from the C11 standard, and a disclaimer on cppreference reads:
The gets() function does not perform bounds checking, therefore this function is extremely vulnerable to buffer-overflow attacks. It cannot be used safely (unless the program runs in an environment which restricts what can appear on stdin). For this reason, the function has been deprecated in the third corrigendum to the C99 standard and removed altogether in the C11 standard. fgets() and gets_s() are the recommended replacements.
Never use gets().
However, it seems to be that this is not a new issue that came up with more modern programming philosophies. It would have always been broken and have caused programs to crash and I don't see what could possibly be meant by an "environment which restricts what can appear on stdin".
So, was it ever useful in the past? Or what is the reason it was added to previous standards and pre-standard versions of C?
(1)... or at least changed to have an additional parameter indicating the maximal length to read. I am however asking about the old signature, receiving only a pointer.
619
Your need for “closure” is just another form of people-pleasing. You want the other person who disrespected you to take away your discomfort because you can't stand the idea that somebody doesn't like you. That's why you're looking for closure. You got closure the minute they made you a second choice.
Closure is important after a breakup because:Your brain needs an authentic narrative to make sense of what happened. Without closure you might keep going back to a relationship that wasn't working. You could be doomed to repeat the same relationship patterns the next time around without closure.
When we seek closure we are looking for answers as to the cause of a certain loss in order to resolve the painful feelings it has created. In doing this, we appear to form a mental puzzle of what's happened – examining each piece and its relationship to the overall puzzle.
Closure refers to having a sense of understanding, peace, and accepted finality of the relationship whether it's ended because of loss, rejection, or growing apart.
Yes, it was useful and "extremely vulnerable to buffer-overflow attacks" at the same time.
It would have always been broken and have caused programs to crash and I don't see what could possibly be meant by an "environment which restricts what can appear on stdin".
No, gets didn't cause programs to crash. It is primarily a security problem. You can read about buffer overflow attacks here
Also see this question: Why is the gets function so dangerous that it should not be used?
57
When you look at remnants from the early days of C, you have to consider the historical background.
The C language was designed in the 70s. Back then, networked systems were the exception than the norm, and security wasn't considered as important as today. Systems were rarely operating on untrusted 3rd party data. And even when they were doing so, it wasn't considered that big of a risk. Information technology was still in its earliest stage. Nobody realized how sensitive computer systems could be.
CPU time, on the other hand, was precious. Programs needed to be as efficient as possible.
That's why most functions from the C standard library do no bound checking. Performance had a much higher priority than security. When you required security, you were supposed to validate your data before feeding it to your program.
But today in the 21st century, where all computer systems are interconnected, all computer systems are constantly processing information from untrusted or even unknown origins, and hacking is a billion dollar industry, security has become priority number one for every computer program.
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
