taking input through gets()

Not really. It's showing a warning that advise you to use fgets instead of gets because gets is a dangerous function. Your code shouldn't run if it was a error.

Some additional notes gets() is dangerous, user can overload the buffer. How will you ensure users don't enter more than 99 chars? Why 99 instead of 100 like you set?

Brian Thanks for the catch on the pointer. Removed to not create confusion.

I still couldn't understand, can anyone simplify it further

The function gets is vulnerable to a simple bufferoverflow exploitation on the stack. If you use gets to supply input to a variable allocated with n bytes of memory, you can induce a segmentation fault by supplying n+1 bytes of memory. Thus overflowing bytes of memory allocated on the stack, to other memory addresses. A skilled attacker (h@xx0r br0 or l33t b0i) can then exploit vulnerability by supplying just enough bytes to overwrite return memory address and execute a different program potentially with escalated privileges.

William Owens I like your second comment regarding potential of input to go out of bounds. Your first comment though does not apply in this instance. Here is why: The code defines a as a char array. char a[100]; Using the syntax of gets(a); is equivalent to: gets(&a[0]); Using only a (without brackets) means it is passed as a (char *), that is a pointer to the first location, not as a (char) the way you stated.