
why gets() is not working?

Tags: c

I am programming in C in Unix, and I am using gets to read the inputs from keyboard. I always get this warning and the program stops running:

warning: this program uses gets(), which is unsafe.

Can anybody tell me the reason why this is happening?

Peiska asked Jun 04 '10 12:06


2 Answers

As mentioned in the previous answers use fgets instead of gets.

But it is not like gets doesn't work at all, it is just very very unsafe. My guess is that you have a bug in your code that would appear with fgets as well so please post your source.

EDIT Based on the updated information you gave in your comment I have a few suggestions.

  • I recommend searching for a good C tutorial in your native language, Google is your friend here. As a book I would recommend The C Programming Language.

  • If you have new information it is a good idea to edit it into your original post, especially if it is code, it will make it easier for people to understand what you mean.

  • You are trying to read a string, basically an array of characters, into a single character, that will of course fail. What you want to do is something like the following.

    char username[256];
    char password[256];
    /* %s has no field width here, so long input overflows the arrays */
    scanf("%s%s", username, password);

    Feel free to comment/edit, I am very rusty even in basic C.

EDIT 2 As jamesdlin warned, usage of scanf is as dangerous as gets.

ponzao answered Oct 02 '22 03:10


gets is unsafe because you give it a buffer, but you don't tell it how big the buffer is. The input may write past the end of the buffer, blowing up your program fairly spectacularly. Using fgets instead is a bit better because you tell it how big the buffer is, like this:

const int bufsize = 4096; /* Or a #define or whatever */
char buffer[bufsize];

fgets(buffer, bufsize, stdin);

...so provided you give it the correct information, it doesn't write past the end of the buffer and blow things up.

Slightly OT, but:

You don't have to use a const int for the buffer size, but I would strongly recommend you don't just put a literal number in both places, because inevitably you'll change one but not the other later. The compiler can help:

char buffer[4096];
fgets(buffer, (sizeof buffer / sizeof buffer[0]), stdin);

That expression gets resolved at compile-time, not runtime. It's a pain to type, so I used to use a macro in my usual set of headers:

/* Argument parenthesized so the macro also works on expressions */
#define ARRAYCOUNT(a) (sizeof (a) / sizeof (a)[0])

...but I'm a few years out of date with my pure C, there's probably a better way these days.

T.J. Crowder answered Oct 02 '22 03:10
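
An added example, not part of either answer: a bounded replacement for gets() built on fgets that also strips the newline and discards the tail of an over-long line, so leftover bytes are not read as the next input. The names read_line and LINE_*, the 16-byte buffer and the sample input are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this added example. */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line from fp into buf (capacity size) and strip the newline.
 * A line longer than the buffer keeps its first size-1 bytes; the rest
 * of that line is consumed and dropped, and LINE_TRUNCATED is returned. */
int read_line(FILE *fp, char *buf, size_t size)
{
    if (buf == NULL || size < 2 || size > INT_MAX)
        return LINE_EOF;
    if (fgets(buf, (int)size, fp) == NULL) {
        buf[0] = '\0';                 /* nothing read: EOF or error */
        return LINE_EOF;
    }
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {            /* whole line fit, newline included */
        buf[len] = '\0';
        return LINE_OK;
    }
    /* No newline stored: the line ended at EOF, fit exactly, or is too long. */
    int c = getc(fp);
    if (c == '\n' || c == EOF)
        return LINE_OK;
    while ((c = getc(fp)) != '\n' && c != EOF) { }   /* drop the tail */
    return LINE_TRUNCATED;
}

int main(void)
{
    char username[16];                 /* buffer size chosen for the demo */
    FILE *fp = tmpfile();
    if (fp == NULL)
        return 1;
    /* Constructed sample input standing in for keyboard input. */
    fputs("peiska\nthis-line-is-much-longer-than-the-buffer\nnext\n", fp);
    rewind(fp);
    int rc;
    while ((rc = read_line(fp, username, sizeof username)) != LINE_EOF)
        printf("%-9s \"%s\"\n", rc == LINE_OK ? "ok" : "truncated", username);
    fclose(fp);
    return 0;
}
```

Passing stdin as fp gives the keyboard case from the question; a caller should treat LINE_TRUNCATED as invalid input for fields such as a username rather than silently accepting the shortened value.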