[muchfresh]

I am learning C from a book called 'Pointers On C' by kenneth A. Reek.

In the first example of the book he uses the gets() function. When the program executes the gets() function for the first time it outputs:

warning: this program uses gets(), which is unsafe.

note: the code compiles fine with cc.

PS. I am learning C so that I can eventually learn Cocoa.

[skipjack]

Originally posted by muchfresh:
<STRONG>warning: this program uses gets(), which is unsafe.
</STRONG>

This from "The Standard C Library" (1992) by P. J. Plauger:

""Avoid using this function. You have no way to limit the number of characters it reads. Use fgets instead."

char *gets(char *s): The gets function reads characters from the input stream pointed to by stdin, into the array pointed to by s, until end-of-file is encountered or a new-line character is read. Any new-line character is discarded and a null character is written immediately after the last character read into the array.

char *fgets(char *s, int n, FILE *stream): The fgets function reads at most one less than the number of characters specified by n from the stream pointed to by stream into the array pointed to by s. No additional characters are read after a new-line character (which is retained) or after end-of-file. A null character is written immediately after the last character read into the array.

[muchfresh]

You rock!

I guess I picked a bad book. I just wanted a book that focused on pointers.

[parallax]

I've heard a lot of good things about this book but yah, gets is one thing you should avoid.

If there's one other tip I may mention (I only started doing this lately), use a lot of asserts in your program, e.g.:

<BLOCKQUOTE><font size="1"face="Geneva, Verdana, Arial">code:</font><HR><pre><font size=1 face=courier>
#include &lt;assert.h&gt;
...
void moo(char *p)
{
assert(p && <font color = red>"Ick, p is NULL"</font>);
}
</font>[/code]

Even with functions that take indices for arguments, I love asserting that those indices are within bounds.

[Chaaaosss]

Ahhh, the benefits of a sound introductory operating systems course. From Tanenbaum, "Modern Operating Systems" in the chapter on security:

One rich source of attacks has been due to the fact that virtually all operating systems and most systems programs are written in the C programming language ... Unfortunately, no C compiler does any array bounds checking. Consequently, the following code sequence, while not illegal, is not also checked:

int i;
char c[1024];
i = 12000;
c[i] = 0;

The result is that some byte of memory 10,976 bytes outside the array c is overwritten, possibly with disastrous consequences. No check is performed at runtime to prevent this error.
...

This [buffer overflow] ... works with very long environment strings, user input, or anything else where the programmer has created a fixed-size buffer to handle a user-supplied string that was expected to be short. By providing a long handcrafted string containing a program, it may be possible to get the program onto the stack and then get it executed.

The C library function "gets" which reads a string (of unknown size) into a fixed-size buffer, but without checking for overflow, is notorious for being subject to this kind of attack. Some compilers even detect the use of "gets" and warn about it.

So there you have it, gcc's just being cute. Well actually, it's preventing you from getting hacked by some malicious programmer with an intricate knowledge of assembly and the stack structure of UNIX and the way your user program, when running, is assigned an address space, but... it's probably just better to use fgets() so your program doesn't crash with a buffer overflow.

[ 05-03-2002: Message edited by: Chaaaosss ]