Path: utzoo!attcan!uunet!husc6!mailrus!nrl-cmf!cmcl2!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn )
Newsgroups: comp.lang.c
Subject: Re: retiring gets(3)
Message-ID: <8863@smoke.BRL.MIL>
Date: 12 Nov 88 03:50:14 GMT
References: <1988Nov8.054845.23998@utstat.uucp> <8841@smoke.BRL.MIL> <2566@ihlpm.ATT.COM>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) )
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 16

In article <2566@ihlpm.ATT.COM> snafu@ihlpm.ATT.COM (00704a-Wallis) writes:
-Actually, I don't understand the argument that
-gets() should be removed because it can overrun
-the buffer.  What's to prevent the following (and
-how is it different from gets?):
-	char some_string[10];
-	fgets( some_string, 2147483647, stdin );

The main difference is that the above example would immediately
raise a flag in the mind of almost any competent programmer reading
the code, whereas we have not yet attained that degree of awareness
concerning gets() on uncontrolled sources of input.

strcpy() also is widely abused, so my mentioning it was not spurious.
The solution is not to ban potentially dangerous tools, but to ensure
that people are properly trained in their safe use.
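
An added example, not part of the original post: the fgets() call from the quoted question with its bound taken from the buffer itself (sizeof) rather than a literal, plus handling for a line longer than the buffer. The names read_line, demo_line, demo_buf and the status enum are assumptions of this example, and the sample input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this added example; none come from the post. */
enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF, LINE_BADSIZE };

/* Read one line into buf, whose capacity the caller passes as sizeof buf.
 * Unlike gets(), at most size bytes are ever written. */
enum line_status read_line(char *buf, size_t size, FILE *fp)
{
    if (size < 2 || size > INT_MAX)
        return LINE_BADSIZE;
    if (fgets(buf, (int)size, fp) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit */
        return LINE_OK;
    }
    /* No newline stored: drain the rest so the next call starts fresh. */
    int c, dropped = 0;
    while ((c = getc(fp)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

char demo_buf[10];                      /* same size as some_string */
/* Status of 0-based line n of constructed input; text left in demo_buf. */
enum line_status demo_line(const char *input, int n)
{
    enum line_status st = LINE_EOF;
    FILE *fp = tmpfile();
    if (fp == NULL)
        return LINE_EOF;
    fputs(input, fp);
    rewind(fp);
    for (int i = 0; i <= n; i++)
        st = read_line(demo_buf, sizeof demo_buf, fp);
    fclose(fp);
    return st;
}

int main(void)
{
    const char *in = "short\nthis line is far too long\nnext\n"; /* constructed */
    for (int i = 0; i < 3; i++)
        printf("status=%d text=\"%s\"\n", demo_line(in, i), demo_buf);
    return 0;
}
```

The over-long second line is cut to nine characters and reported as LINE_TRUNCATED instead of overrunning the 10-byte buffer, and the following line is still read intact.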