Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!wuarchive!udel!princeton!jonlab!jon
From: jon@jonlab.UUCP (Jon H. LaBadie)
Newsgroups: comp.lang.c
Subject: Re: What's so bad about scanf anyway??? (really what's bad about gets)
Summary: Do BUFSIZ arrays provide any protection to gets(3C) problems?
Message-ID: <879@jonlab.UUCP>
Date: 16 Nov 90 07:00:40 GMT
References: <16582@netcom.UUCP> <1990Nov12.014850.14475@melba.bby.oz.au>
Organization: 4455 Province Line Rd., Princeton, NJ 08540
Lines: 20

In article <1990Nov12.014850.14475@melba.bby.oz.au>, zvs@bby.oz.au (Zev Sero) writes:
>
> But for exactly the same reason, you should never, never, never use
> gets().  The gets() function does not check how many characters it
> reads.  It just keeps going until it sees a newline.  If the array
> you're storing the thing in overflows, tough bikkies.

This question is asked regarding input from terminals only.

I've a vague recollection that declaring input arrays to be BUFSIZ
in length provides some protection to overflow by gets(3C).

Is this just "conventional wisdom", or does something in the choice
of BUFSIZ for a particular system ensure any overflow protection?

Jon
-- 
Jon LaBadie
{att, princeton, bcr, attmail!auxnj}!jonlab!jon
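
Added example, not part of the original post or thread: a bounded line reader built on fgets(), which is told the buffer size that gets() never sees, run against a constructed input whose first line is longer than a BUFSIZ array. The names read_line, make_sample and the LINE_* codes are this example's own.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = -1 };

/* Read one line into buf[cap]; fgets() stores at most cap-1 characters
 * plus the NUL, so buf is never overrun. An overlong line is truncated
 * and its tail discarded. Names here are this example's own. */
int read_line(FILE *fp, char *buf, size_t cap)
{
    size_t n;
    int c;
    if (cap < 2 || fgets(buf, (int)cap, fp) == NULL)
        return LINE_EOF;
    n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';          /* complete line, newline stripped */
        return LINE_OK;
    }
    c = getc(fp);                   /* no newline stored: look one further */
    if (c == EOF || c == '\n')
        return LINE_OK;             /* line fit exactly, or EOF ended it */
    while ((c = getc(fp)) != EOF && c != '\n')
        ;                           /* drop the rest of the long line */
    return LINE_TOO_LONG;
}

/* Constructed sample input: a line of BUFSIZ+100 bytes, then "short". */
FILE *make_sample(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    for (int i = 0; i < BUFSIZ + 100; i++)
        putc('A', fp);
    fputs("\nshort\n", fp);
    rewind(fp);
    return fp;
}

int main(void)
{
    char buf[BUFSIZ];               /* the array size the post asks about */
    FILE *fp = make_sample();
    int rc;
    while (fp != NULL && (rc = read_line(fp, buf, sizeof buf)) != LINE_EOF)
        printf("rc=%d len=%lu\n", rc, (unsigned long)strlen(buf));
    return fp == NULL;
}
```

The first call reports LINE_TOO_LONG with exactly BUFSIZ-1 bytes stored, and the second call still returns the following line intact.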