Path: utzoo!attcan!uunet!unisoft!achut
From: achut@unisoft.UUCP (Achut Reddy)
Newsgroups: comp.lang.c
Subject: Re: gets(3) nonsense
Message-ID: <1403@unisoft.UUCP>
Date: 14 Nov 88 23:03:36 GMT
References: <867@cernvax.UUCP> <645@quintus.UUCP> <339@igor.Rational.COM> <14447@mimsy.UUCP> <1643@solo11.cs.vu.nl>
Reply-To: achut@unisoft.UUCP (Achut Reddy)
Lines: 18

In article <1643@solo11.cs.vu.nl> maart@cs.vu.nl (Maarten Litmaath) writes:
>And now the real point: let's stop complaining about the gets(3) semantics of
>not checking buffer boundaries; this is precisely what was intended.
>Does anyone suggest doing away with strcpy() too?
>Or /bin/rm, being destructive?

No, there is a fundamental difference between gets(3) and all the other
functions that don't check buffer boundaries.  That difference is that 
the other functions *can* be used safely if the programmer exercises
some care.  He has complete control over the arguments he passes to these
functions, and can ensure that his buffers don't overflow.  When gets(3)
is used, however, to get input from any source which the user has
control over (e.g., stdin), then a correct program *cannot* be written.
(The user can always enter an input line longer than the buffer length)

gets(3) should not be used, and hopefully it can be phased out.

Achut Reddy