this post was submitted on 21 Aug 2023
26 points (100.0% liked)

Programming

17558 readers
349 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 2 years ago
MODERATORS
 

cross-posted from: https://lemm.ee/post/4890334

cross-posted from: https://lemm.ee/post/4890282

let's say I have this code

` #include #include char name[50]; int main(){ fgets(name,50,stdin); name[strcspn(name, "\n")] = '\0'; printf("hi %s", name); }

` and I decide my name is "ewroiugheqripougheqpiurghperiugheqrpiughqerpuigheqrpiugherpiugheqrpiughqerpioghqe4r", my program will throw some unexpected behavior. How would I mitigate this?

you are viewing a single comment's thread
view the rest of the comments
[–] paysrenttobirds@sh.itjust.works 6 points 1 year ago (1 children)

Hello, ewroiugheqripougheqpiurghperiugheqrpiughqerpuigheq,

The fgets function will only read in as many characters as you tell it to (50) in the second parameter, so the rest of the input will simply be lost and the name will be truncated.

[–] fubo@lemmy.world 7 points 1 year ago* (last edited 1 year ago) (1 children)

And, mind you, fgets is the safer replacement to the original gets, which attempts to read a variable-length line into a fixed-length buffer.

The manual has this to say about gets

BUGS
       Never use gets().  Because it is impossible to tell without knowing the
       data  in  advance  how  many  characters  gets() will read, and because
       gets() will continue to store characters past the end of the buffer, it
       is  extremely dangerous to use.  It has been used to break computer se‐
       curity.  Use fgets() instead.
[–] mo_ztt@lemmy.world 3 points 1 year ago (1 children)

Why is this even still in the library 🥲

Twenty years ago it kind of made sense. Ok it's bad, but sometimes we're just reading a local file fully under our control, maybe from old code that the source doesn't exist anymore for, it's such a core function that taking it out however badly needed will have some negative consequences.

At this point though, I feel like calling it should just play a loud, stern "NO!" over your speakers and exit the program.

[–] fubo@lemmy.world 6 points 1 year ago

Why is this even still in the library 🥲

The linker will complain at you —

dumb.c:(.text+0x2f): warning: the `gets' function is dangerous and should not be used.