Thread: gets() not so bad

Originally Posted by nonoob

Maybe programmers are getting dumber and we need to have nice bubble-wrapped soft and cozy functions for everything to protect us.

That is actually the trend over recent years. Java, for example, had its genesis in being a "safer C++". In part because programmers expect things to "just work" (i.e. they don't take the care to avoid using constructs in an unsafe manner) and in part - like gets() - the constructs are inherently unsafe.

Using gets() is all well and good if you can trust the user of your program not to do something silly that overruns the buffer length. In the real world, programmers have to be paranoid and assume the user of their program CANNOT be trusted to do the right thing. Teaching students otherwise is teaching them habits that will be frowned on when they go for a job.

However, it is usually better to use some means that allows the programmer to prevent a buffer overrun. fgets() does that, without too much ado. Although there are trade-offs in its usage - extra care is needed to properly handle lines that exceed the buffer length. Not difficult, but care needed. In practice, the code is often less complicated by using fgetc() in a loop, if your code needs to read multiple lines.

Can? Yes. Will? No. There's no reason to not switch to fgets. It's not like it's a hard change to make. Most people just show up and say "do this for me", anyway, so I'm not too worried about upsetting them or hurting their feelings.

Besides, why reinforce bad habits? Teach them right the first time, so you don't have to keep telling them the same thing over and over.


Quzah.

I agree in principle that people should be free to take all the risks they want IF they understand them, esp. since even gets() could be used be used completely safely in some circumstances* IF you understand what the issue is (and as we know, it is a very simple issue). I do not think the "risk" here, for newbies, however, has anything to do with user exploitation.

AFAIK "gets" is the only standard function which the GNU linker issues a warning just for using (it actually says "never use gets" too), so this is not just something peculiar to the forum. I don't think I've ever told anyone not to use it. On the other hand, I do not see a purpose to the function at all -- you might as well just learn fgets() and be done with it, so it's probably for the best that people be shoo-ed away from it.

On the other (other) hand, that's kind of patronizing and does reflect an attitude that I find distasteful (excessive paranoia WRT to memory management, which I think once you are aware of the potential problems you can cause yourself, you can learn to deal with it -- I do not need to be protected from the potential stupidity of [some theoretical idiot] and I don't think anyone else does either).

BUT I think people have the right to an expressing an opinion, and you, nonoob, have the right to contradict it with your own. I do this here all the time. At some point, the newbie him/herself has to sort out who to trust, who not to, how, when, where, why. That's life! There's no point in shielding them from debate.

Originally Posted by nonoob

Just make sure the buffer is reasonably large. Say, a reusable buffer of 500 bytes for simple inputs.

Well, why not go for full disclosure and tell them a nice "power of 2" round number is the real ideal, say 1K or 2K or 4K.

* nb. I would never bother to do that myself, personally -- probably I am a product of cboard

I usually just use BUFSIZ. But hey, if you're going to start doing things the smart way, why are you still using gets?


Quzah.

Originally Posted by quzah

I usually just use BUFSIZ. But hey, if you're going to start doing things the smart way, why are you still using gets?

Again, I don't, but I don't see any reason why you shouldn't if you understand the problem and it suits your purposes. Just not in production grade code please! (I'd assume the reason GNU ld has that warning is precisely that.)

Originally Posted by nonoob

Maybe programmers are getting dumber and we need to have nice bubble-wrapped soft and cozy functions for everything to protect us.

I find that super-paranoia irritating too -- I presume it is a product of certain workplaces, and for good reason (but that does not make it "true" or justified in a more pure and abstract sense).

Originally Posted by MK27

I find that super-paranoia irritating too -- I presume it is a product of certain workplaces, and for good reason (but that does not make it "true" or justified in a more pure and abstract sense).

Didn't we go over that last time? It's not super paranoia; it's security.
Imagine Microsoft not using all those security checks. Well, we'd have a 1000x more patches today.
Teach newbies to write safe code and do so early. It's growing all the more important in today's world. Even if they're not going to write real world applications in the future, they won't be happy if their machine gets hacked because they forgot about security.
Or heck, how about when they take it up as a hobby and distribute some pieces here and then and maybe compile an application.
...And then people's computers start crashing. Wonderful.

It's the right thing to do to ban gets. Now I also hope they will consider adding safe variants of other unsafe (but rarely mentioned) functions such as strcpy, memcpy, strcat, etc.

Originally Posted by Elysia

Didn't we go over that last time? It's not super paranoia; it's security.
Imagine Microsoft not using all those security checks. Well, we'd have a 1000x more patches today.
Teach newbies to write safe code and do so early. It's growing all the more important in today's world.

You are assuming the purpose is to prepare everyone for employment at Microsoft, or some other place where scale would necessitate this kind of paranoia, because they probably have employees that will intentionally incorporate buffer overrun bugs on a bad day, so the move has been more and more toward "foolproof" languages to help management manage this not doubt insidious and significant problem.

However, while this may be true for many, it's not true for everyone. I have no desire to work anywhere like that -- I'd rather just do unskilled labour, in fact. So your perspective is valid, but it should never never be taken as a universal rule (eg, so that we start adapting the C standard to it*). Programming as business concerns are not synonymous with pure programming concerns, where I think freedom is more important.

The fact that some software houses have problems with people shooting each other in the foot is not my problem. Let them use Java or something, or spend money on mem checkers (which I believe is a cost of doing such business).

* however, I could care less if they ban gets(), since it is silly and redundant.

The real problem with gets is that people use it, and then are immediately told to use scanf, and they start mixing them up and they can't figure out why their input doesn't work right all the time.


Quzah.

As you know the gets() man page have this to say about it:

SECURITY CONSIDERATIONS
... It is strongly suggested that the fgets() function be used in all cases. (See the
FSA.)

Even though the "risk" is definitely related to the context in which gets is used. I think it's normal that this is mentioned on a C programming board if someone seems to be unaware of it.