+ 3
taking input through gets()
https://code.sololearn.com/cD0NoyB1C4rQ it's showing error
8 Answers
+ 2
Atulya Vaibhav Pandey simplest answer:
Don't use gets(). Use fgets().
Make an effort to learn why by understanding all the other answers.
+ 5
Not really. It's showing a warning that advise you to use fgets instead of gets because gets is a dangerous function. Your code shouldn't run if it was a error.
+ 3
Some additional notes
gets() is dangerous, user can overload the buffer.
How will you ensure users don't enter more than 99 chars?
Why 99 instead of 100 like you set?
+ 2
Brian Thanks for the catch on the pointer. Removed to not create confusion.
+ 1
I still couldn't understand, can anyone simplify it further
+ 1
The function gets is vulnerable to a simple bufferoverflow exploitation on the stack.
If you use gets to supply input to a variable allocated with n bytes of memory, you can induce a segmentation fault by supplying n+1 bytes of memory. Thus overflowing bytes of memory allocated on the stack, to other memory addresses.
A skilled attacker (h@xx0r br0 or l33t b0i) can then exploit vulnerability by supplying just enough bytes to overwrite return memory address and execute a different program potentially with escalated privileges.
0
William Owens I like your second comment regarding potential of input to go out of bounds.
Your first comment though does not apply in this instance. Here is why:
The code defines a as a char array.
char a[100];
Using the syntax of
gets(a);
is equivalent to:
gets(&a[0]);
Using only a (without brackets) means it is passed as a (char *), that is a pointer to the first location, not as a (char) the way you stated.