the gets() function is dangerous

This is a discussion on the gets() function is dangerous within the Linux Programming forums, part of the Platform Specific Boards category.

  1. #1
    In The Light
    Join Date
    Oct 2001
    Posts
    598

    the gets() function is dangerous

    howdy,
    this code snip is from an example i found in a Borland C++ book. i wrote it in GNU emacs and compiled from there using g++. when compiled i receive an error -
    "in function 'int menu_select(void) the gets() function is dangerous and should not be used"

    ____________________code______________________

    int main(void)
    {
        char choice;

        init_list(); /* initialize the structure array */
        for (;;) {
            choice = menu_select();
            switch (choice) {
            case 1: enter();
                break;
            case 2: del();
                break;
            case 3: list();
                break;
            case 4: return 0;
            }
        }
    }


    /* initialize the structure array */
    void init_list(void)
    {
        register int t;
        for (t = 0; t < MAX; ++t) inv_info[t].item[0] = '\0';
    }

    /* input the user's selection */
    int menu_select(void)
    {
        char s[80];
        int c;
        printf("\n");
        printf("1. Enter An Item\n");
        printf("2. Remove An Item\n");
        printf("3. List The Inventory\n");
        printf("4. Quit\n");
        do {
            printf("Enter Your Choice: ");
            gets(s);
            c = atoi(s);
        } while (c < 0 || c > 4);
        return c;
    }
    .
    .
    .
    _________________code__________________

    i tried getchar() - error too many arguments

    what would the correct way be to capture the single digit response and return it to main?
    or
    am i getting excited about a meaningless warning?
    M.R.

  2. #2
    31173 h4x0r gnu-ehacks's Avatar
    Join Date
    Nov 2001
    Posts
    556
    LoL, I've never heard that kind of an error. Sounds too human-readable to be a programming compiler.
    What will people say if they hear that I'm a Jesus freak?
    What will people do if they find that it's true?
    I don't really care if they label me a Jesus freak, there is no disguising the truth!

    Jesus Freak, D.C. Talk

    -gnu-ehacks

  3. #3
    A Banana Yoshi's Avatar
    Join Date
    Oct 2001
    Posts
    859
    The GCC will not allow you to compile a code with "scanf()" in it. It says it is dangerous.

    ------------------
    Engineer223
    Yoshi

  4. #4
    In The Light
    Join Date
    Oct 2001
    Posts
    598
    howdy gnu-ehacks,
    no kidding that error message is a direct quote!!
    maybe this linux thing is bordering on the twilight zone.
    M.R.

  5. #5
    Registered User
    Join Date
    Aug 2001
    Posts
    202
    gets is dangerous because it lets you read in more data than you've allocated space for, whereas fgets specifies how many characters it is going to read in (stopping if it finds a newline). So in this case:
    s[80], but gets() would allow you to read 81 or more characters.

    fgets looks like this:

    fgets(s, 2, stdin);

    because you want to read 1 char into array s from the stdin stream (the middle number is n-1 chars you want).

    hope that helps.

    starX
    www.axisoftime.com
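
An added example (not code from the thread or from the book it quotes): a bounded replacement for the `gets(s)` loop in `menu_select()`. It passes the full buffer size to `fgets`, and it rejects and discards an over-long line instead of writing past `s[80]` or letting the leftover spill into the next read. The names `read_choice` and `demo`, and the temporary-file input that stands in for the keyboard, are assumptions made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one line from `in` and parse a menu choice in [lo, hi] (lo must be > 0).
 * Returns the choice, 0 if the line is not a valid choice, -1 on EOF or error. */
int read_choice(FILE *in, int lo, int hi)
{
    char s[80], *end;
    long v;
    int ch;

    if (fgets(s, sizeof s, in) == NULL)     /* stores at most 79 chars + '\0' */
        return -1;
    if (strchr(s, '\n') == NULL && !feof(in)) {
        /* Line did not fit: drop the rest of it and reject the input. */
        while ((ch = getc(in)) != '\n' && ch != EOF)
            ;
        return 0;
    }
    errno = 0;
    v = strtol(s, &end, 10);                /* unlike atoi, reports failures */
    if (end == s || errno == ERANGE) return 0;
    while (isspace((unsigned char)*end)) end++;
    if (*end != '\0' || v < lo || v > hi) return 0;
    return (int)v;
}

/* Constructed input: `junk_len` filler bytes on one line, then `rest`.
 * Mirrors the menu loop: keep asking until a valid choice or EOF. */
int demo(size_t junk_len, const char *rest)
{
    FILE *f = tmpfile();
    int c;
    if (f == NULL) return -1;
    for (size_t i = 0; i < junk_len; i++) putc('A', f);
    if (junk_len) putc('\n', f);
    fputs(rest, f);
    rewind(f);
    do { c = read_choice(f, 1, 4); } while (c == 0);
    fclose(f);
    return c;
}

int main(void)
{
    printf("%d %d\n", demo(0, "3\n"), demo(200, "7\n2\n"));
    return 0;
}
```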

  6. #6
    In The Light
    Join Date
    Oct 2001
    Posts
    598
    thank all,
    fgets() works and seems safer.
    M.R.

    BTW gnu-ehacks,
    the g++ error messages are much better than the BCB 5 i've been using.

  7. #7
    31173 h4x0r gnu-ehacks's Avatar
    Join Date
    Nov 2001
    Posts
    556
    I see...Maybe I should start programming in Linux....Interesting.

  8. #8
    Registered User zahid's Avatar
    Join Date
    Aug 2001
    Posts
    532
    Yeah.. really interesting to program in Linux. Specially if your program is running in a money machine
    [ Never code before desk work ]
    -------------------------------------:-->
    A man who fears Nothing is the man who Loves Nothing
    If you Love Nothing, what joy is there in your life.
    =------------------------------------------------------= - I may be wrong.

  9. #9
    Banned Troll_King's Avatar
    Join Date
    Oct 2001
    Posts
    1,784
    scanf is not dangerous if you know how to use it. You can easily build security around it, but 'gets' on the other hand is not good, no matter what.
