+ 14

[Solved] Why gets() function is dangerous to use in code? Please help me understand the following warning.

Below is the description mentioned in the lesson: The gets() function is used to read input as an ordered sequence of characters, also called a string. A string is stored in a char array.

TIY code example: https://www.sololearn.com/learning/1089/2914/6296/1

I receive this warning every time input is given as char, int, string or just one letter. I did not understand what the warning here means.

/Playground/file0.c: In function 'main':
./Playground/file0.c:6:5: warning: implicit declaration of function 'gets'; did you mean 'fgets'? [-Wimplicit-function-declaration]
6 | gets(a);
| ^~~~
| fgets
../Playground/: /tmp/ccI0Ulhr.o: in function `main':
file0.c:(.text+0x15): warning: the `gets' function is dangerous and should not be used.

What I understood through this example is, the char a[100] ..... that defines length of elements stored in array. And, due to the warning, I am confused which function is better to use, gets() or fgets()? [I may be just assuming or could be completely wrong about "char

3rd Jan 2021, 9:04 PM
Shivani 📚✍
8 Answers
+ 2
These codes use gets and explain some concepts to protect against buffer overflows: https://code.sololearn.com/cNUXdaeqtLtf/?ref=app https://code.sololearn.com/c0Y73PhmZ5Hd/?ref=app
4th Jan 2021, 8:37 AM
Aaron Eberhardt
+ 7
Jayakrishna🇮🇳, thanks for the explanation! Understood a bit more, and it does make sense how the stored input is replaced, and also thanks for referencing the link. Thank you! 🙂
3rd Jan 2021, 9:33 PM
Shivani 📚✍
+ 7
Thank you HBhZ_C for the explanation!
3rd Jan 2021, 10:59 PM
Shivani 📚✍
+ 7
Great! Thank you again! Sharing buffer overflow through your codes helps me understand it better, Aaron Eberhardt 😃
4th Jan 2021, 1:10 PM
Shivani 📚✍
+ 5
Aaron Eberhardt, thanks for sharing your code examples for buffer, very well explained! However, I am not aware of the "canary" term and the specifier %llu 🤔
4th Jan 2021, 1:02 PM
Shivani 📚✍
+ 3
The gets() function is a deprecated function. It's from conio.h, a non-standard deprecated header file. It is dangerous because it leads to wrong input storage if you enter input more than the declared array size. In that case, it reads over the limit also and replaces the contents. For ex: if the array size is 10 chars but you entered 12 chars, then it reads all characters and the 1st 2 chars are replaced by the 11th, 12th char input. So it leads to a wrong result. And also it does not stop if input is infinite. But the fgets() function doesn't save characters into the destination more than the max limit. It doesn't replace. Hope it helps...

Edit: S𝖍𝖎𝖛𝖆𝖓𝖎⚘🧚‍♀️ https://stackoverflow.com/questions/1694036/why-is-the-gets-function-so-dangerous-that-it-should-not-be-used
3rd Jan 2021, 9:12 PM
Jayakrishna 🇮🇳
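
Added example, not part of the thread or of the SoloLearn lesson: a bounded replacement for `gets(a)` built on `fgets`, which also drops the newline that `fgets` keeps and discards the tail of an over-long line. The names `read_line` and `sample_stream` are hypothetical, and the input is constructed sample data fed through a temporary file so the program runs without a keyboard.

```c
#include <stdio.h>
#include <string.h>

/* Read one line into buf (capacity `size`, the same value fgets is given).
 * Returns 0 = whole line stored, 1 = line was longer than the buffer and
 * was cut, -1 = end of input or read error. Never writes past buf+size. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* fgets keeps the newline; drop it */
        return 0;
    }

    /* No newline in buf: either the buffer filled up first or the input
     * ended. Discard what is left of this line so the next call does not
     * start in the middle of it, and report whether anything was lost. */
    int c, dropped = 0;
    while ((c = getc(in)) != '\n' && c != EOF)
        dropped = 1;
    return dropped;
}

/* Constructed sample input: copy text into a temporary stream and rewind. */
FILE *sample_stream(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char a[8];                      /* small on purpose; the lesson uses a[100] */
    FILE *in = sample_stream("hi\nthis line is longer than the buffer\nok\n");
    int rc;

    if (in == NULL)
        return 1;
    while ((rc = read_line(in, a, sizeof a)) != -1)
        printf("%-9s \"%s\"\n", rc ? "truncated" : "ok", a);
    fclose(in);
    return 0;
}
```

To read from the keyboard, pass `stdin` as the first argument instead of the sample stream.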
+ 2
Input is stored in memory, so any malicious coder will exploit this weakness and enter an input that will crash your system with gets or any non-controlled input. It is called buffer overflow, which leads to damages or altered memory size or variables address.
3rd Jan 2021, 9:54 PM
HBhZ_C
+ 1
S𝖍𝖎𝖛𝖆𝖓𝖎⚘🧚‍♀️ Canary: https://en.m.wikipedia.org/wiki/Buffer_overflow_protection#Canaries %llu: format for unsigned long long int. I don't know exactly why I used it there but it seems to work...
4th Jan 2021, 1:07 PM
Aaron Eberhardt