gets() not so bad

This is a discussion on gets() not so bad within the C Programming forums, part of the General Programming Boards category; Can the regulars here stop deriding & insulting professors who teach students to use gets()? I use this function all ...

  1. #1
    Registered User
    Join Date
    Sep 2008
    Location
    Toronto, Canada
    Posts
    1,831

    gets() not so bad

    Can the regulars here stop deriding & insulting professors who teach students to use gets()?

    I use this function all the time. It's perfectly wonderful. Every program is likely to have way more places in them where things can blow up. The last thing a student of C needs to worry about is some orchestrated attack by someone who would exploit buffer overruns... Such users are not likely the audience for assignment project code.

    Not every piece of code needs to be criminal-hacker proof. Just make sure the buffer is reasonably large. Say, a reusable buffer of 500 bytes for simple inputs.

  2. #2
    Third Eye Babkockdood's Avatar
    Join Date
    Apr 2010
    Posts
    352
    I just executed a simple program that uses gets. After execution GCC gave me, "warning: this program uses gets(), which is unsafe".

  3. #3
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    Can? Yes. Will? No. There's no reason to not switch to fgets. It's not like it's a hard change to make. Most people just show up and say "do this for me", anyway, so I'm not too worried about upsetting them or hurting their feelings.

    Besides, why reinforce bad habits? Teach them right the first time, so you don't have to keep telling them the same thing over and over.


    Quzah.
    Hope is the first step on the road to disappointment.

  4. #4
    Registered User
    Join Date
    Mar 2009
    Posts
    399
    It's broken by design. It should never have been in the C library to begin with, and teaching students to use it is a good way of making the students look incompetent when they start using it in code that other coders are going to look at. Besides, it's not like it requires much effort to use a function like fgets instead.

    If I was a student I would be upset if my professor was teaching me to program in a way that would make me look like a fool to any other decent programmer.

  5. #5
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    I agree in principle that people should be free to take all the risks they want IF they understand them, esp. since even gets() could be used be used completely safely in some circumstances* IF you understand what the issue is (and as we know, it is a very simple issue). I do not think the "risk" here, for newbies, however, has anything to do with user exploitation.

    AFAIK "gets" is the only standard function which the GNU linker issues a warning just for using (it actually says "never use gets" too), so this is not just something peculiar to the forum. I don't think I've ever told anyone not to use it. On the other hand, I do not see a purpose to the function at all -- you might as well just learn fgets() and be done with it, so it's probably for the best that people be shoo-ed away from it.

    On the other (other) hand, that's kind of patronizing and does reflect an attitude that I find distasteful (excessive paranoia WRT to memory management, which I think once you are aware of the potential problems you can cause yourself, you can learn to deal with it -- I do not need to be protected from the potential stupidity of [some theoretical idiot] and I don't think anyone else does either).

    BUT I think people have the right to an expressing an opinion, and you, nonoob, have the right to contradict it with your own. I do this here all the time. At some point, the newbie him/herself has to sort out who to trust, who not to, how, when, where, why. That's life! There's no point in shielding them from debate.

    Quote Originally Posted by nonoob View Post
    Just make sure the buffer is reasonably large. Say, a reusable buffer of 500 bytes for simple inputs.
    Well, why not go for full disclosure and tell them a nice "power of 2" round number is the real ideal, say 1K or 2K or 4K.

    * nb. I would never bother to do that myself, personally -- probably I am a product of cboard
    Last edited by MK27; 06-10-2010 at 03:54 PM.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  6. #6
    Registered User
    Join Date
    Sep 2008
    Location
    Toronto, Canada
    Posts
    1,831
    I was gonna say 256 or 512, actually. I allocate powers-of-two myself, just in case the compiler or memory allocator is happier that way.

  7. #7
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    I usually just use BUFSIZ. But hey, if you're going to start doing things the smart way, why are you still using gets?


    Quzah.
    Hope is the first step on the road to disappointment.

  8. #8
    Registered User
    Join Date
    Sep 2008
    Location
    Toronto, Canada
    Posts
    1,831
    Quote Originally Posted by Babkockdood View Post
    I just executed a simple program that uses gets. After execution GCC gave me, "warning: this program uses gets(), which is unsafe".
    That's not the only function for which Microsoft Visual Studio C++ complains. I have to set the preprocessor definition CRT_SECURE_NO_DEPRECATE as per its recommendation to shut it up. It seems over the past few years, many of our well loved string and memory standard library functions have been declared as unsafe.

    Maybe programmers are getting dumber and we need to have nice bubble-wrapped soft and cozy functions for everything to protect us.

  9. #9
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by quzah View Post
    I usually just use BUFSIZ. But hey, if you're going to start doing things the smart way, why are you still using gets?
    Again, I don't, but I don't see any reason why you shouldn't if you understand the problem and it suits your purposes. Just not in production grade code please! (I'd assume the reason GNU ld has that warning is precisely that.)

    Quote Originally Posted by nonoob View Post
    Maybe programmers are getting dumber and we need to have nice bubble-wrapped soft and cozy functions for everything to protect us.
    I find that super-paranoia irritating too -- I presume it is a product of certain workplaces, and for good reason (but that does not make it "true" or justified in a more pure and abstract sense).
    Last edited by MK27; 06-10-2010 at 04:11 PM.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  10. #10
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    The real problem with gets is that people use it, and then are immediately told to use scanf, and they start mixing them up and they can't figure out why their input doesn't work right all the time.


    Quzah.
    Hope is the first step on the road to disappointment.

  11. #11
    Registered User
    Join Date
    Jan 2009
    Posts
    1,485
    As you know the gets() man page have this to say about it:

    SECURITY CONSIDERATIONS
    ... It is strongly suggested that the fgets() function be used in all cases. (See the
    FSA.)
    Even though the "risk" is definitely related to the context in which gets is used. I think it's normal that this is mentioned on a C programming board if someone seems to be unaware of it.
    Last edited by Subsonics; 06-10-2010 at 04:30 PM.

  12. #12
    a_capitalist_story
    Join Date
    Dec 2007
    Posts
    2,648
    Yeah, let's let the ignorance continue. What could it possibly hurt?

  13. #13
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,230
    The only reason a professor would suggest using gets() over fgets() is because he believes you are too stupid to understand how to call fgets(). In other words, you're admitting you are an idiot if you use gets().

    You're learning how to program a computer, yes? Well, learn how to pass a freaking buffer size into a function.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  14. #14
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459
    Unless you can predict their input data, then certainly don't ignore the fact they're using gets(). There's really no reason to use it, or ignore the fact someone else is using it. In most cases, it could be fixed by a simple regex find-and-replace. In VIM:

    Code:
    :%s/gets(\(.*\))/fgets(\1, sizeof(\1), stdin)/gc
    And that took all of 5 seconds to come up with. Not only is there no reason for not using gets(), there's also no reason to leave it there.
    Last edited by zacs7; 06-10-2010 at 07:17 PM.

  15. #15
    Registered User
    Join Date
    May 2010
    Location
    Naypyidaw
    Posts
    1,314
    Never mind. Next C standard will remove gets() function.
    C1X - Wikipedia, the free encyclopedia

Page 1 of 7 1234567 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. bad and fail of steam
    By George2 in forum C++ Programming
    Replies: 8
    Last Post: 02-19-2008, 02:07 AM
  2. Can you still view the bios screen with a bad CPU?
    By HyperCreep in forum Tech Board
    Replies: 4
    Last Post: 12-31-2006, 05:57 PM
  3. Replies: 6
    Last Post: 11-12-2005, 10:57 AM
  4. Bad coding habits
    By Magos in forum A Brief History of Cprogramming.com
    Replies: 14
    Last Post: 09-12-2005, 05:44 PM
  5. Shocking(kind of)
    By Shadow in forum A Brief History of Cprogramming.com
    Replies: 25
    Last Post: 12-10-2002, 07:52 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21