Path: utzoo!attcan!uunet!convex!killer!texbell!sugar!ficc!peter
From: peter@ficc.uu.net (Peter da Silva)
Newsgroups: comp.lang.c
Subject: Re: retiring gets(3)
Message-ID: <2209@ficc.uu.net>
Date: 13 Nov 88 04:39:12 GMT
References: <1988Nov8.054845.23998@utstat.uucp> <8841@smoke.BRL.MIL> <2566@ihlpm.ATT.COM>
Organization: SCADA
Lines: 26

In article <2566@ihlpm.ATT.COM>, snafu@ihlpm.ATT.COM (00704a-Wallis) writes:
> Actually, I don't understand the argument that
> gets() should be removed because it can overrun
> the buffer. What's to prevent the following (and
> how is it different from gets?):

> 	char	some_string[10];

> 	fgets( some_string, 2147483647, stdin );

This is a program bug... the programmer specified the wrong buffer size.
Unlike the case of gets, you can limit the read to the buffer size. In all
the other routines with the gets problem, a program can be written that will
not allow any buffer overflow:

char buffer[10];

	sprintf(buffer, "%.9s", ptr);
	fscanf(fp, "%.9s", buffer);
	fgets(buffer, 10, fp);

The problem is that there is no way to limit how much I/O gets will do.
-- 
Peter da Silva  `-_-'  Ferranti International Controls Corporation
"Have you hugged  U  your wolf today?"     uunet.uu.net!ficc!peter
Disclaimer: My typos are my own damn business.   peter@ficc.uu.net