gets() not so bad

**laserlight** · 06-14-2010

Originally Posted by nonoob

The Microsoft environment has blown up a lot more frequently than my throw-away code. That tells me their good advice about avoiding risky code should be better practiced by their own staff before they preach to me.

Great, and since I do not work for Microsoft anyway...

Originally Posted by nonoob

Can the regulars here stop deriding & insulting professors who teach students to use gets()?

I will continue to scoff at the actions of instructors who teach students to use gets(), unless they happen to be teaching competitive programming.

**whiteflags** · 06-14-2010

Originally Posted by Elysia

By Microsoft environment, you mean...?
Also, Microsoft software is buggy, not insecure. Those are two very different things. I very much doubt that they write outside array bounds.

Operating system blowups usually is because of 3rd-party code. Don't blame Microsoft; blame the developers of the software you're installing.

You have little experience, you are naive or you're just pure dumb. Anyone who says gets is good is either inexperienced, naive or just an idiot.

Let's keep things in perspective here; chances are all you have to do is surf Windows Updates or Microsoft Security Advisories -- actually read those things -- to sober yourself about the security Microsoft professes.

Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution

This one was not even disclosed by Microsoft at first. So yes, blame Microsoft. Blame Microsoft when they deserve it. There are a lot of wrong things people have been saying to push whatever agenda they agree with. But more than just Microsoft understand that gets is bad. If we stick to just discussing gets, then a consensus is easy to find. In fact, is it not time for a lock?

**cpjust** · 06-14-2010

Originally Posted by nonoob

Can the regulars here stop deriding & insulting professors who teach students to use gets()?

I use this function all the time. It's perfectly wonderful. Every program is likely to have way more places in them where things can blow up. The last thing a student of C needs to worry about is some orchestrated attack by someone who would exploit buffer overruns... Such users are not likely the audience for assignment project code.

Not every piece of code needs to be criminal-hacker proof. Just make sure the buffer is reasonably large. Say, a reusable buffer of 500 bytes for simple inputs.

I don't have time to read all 92 posts, so maybe someone already said this...

You're right. Not all code needs to be hacker proof. Simple test code that isn't going to be used in a real world environment doesn't need to be perfect. However, the issue here is that teachers are showing students how to use gets() and probably not warning them about the dangers of using it in the real world; or students might start using gets() and forget that it's dangerous, then they get employed by Microsoft and start littering Windows code with gets() and other bad code... If the teacher would have got them hooked on using fgets() right from the start (and also teaching them about the dangers of the gets() function), then students would be less likely to use it in the real world.

**laserlight** · 06-14-2010

Originally Posted by whiteflags

In fact, is it not time for a lock?

Yes.

Thread: gets() not so bad

Thread Tools

Search Thread

Display

Similar Threads

bad and fail of steam

Can you still view the bios screen with a bad CPU?

GLSL lighting. Bad normals? Bad shader? Something else entirely?

Bad coding habits

Shocking(kind of)