+ 2

Why is gets dangerous

When learning C it showed the gets function, but when running it, it says it's dangerous and should not be used. But why is it dangerous?

27th Nov 2022, 4:20 PM
Diamond Man
2 Answers
+ 7
https://en.cppreference.com/w/c/io/gets "The gets() function does not perform bounds checking, therefore this function is extremely vulnerable to buffer-overflow attacks. It cannot be used safely (unless the program runs in an environment which restricts what can appear on stdin). For this reason, the function has been deprecated in the third corrigendum to the C99 standard and removed altogether in the C11 standard. fgets() and gets_s() are the recommended replacements. Never use gets()."
27th Nov 2022, 4:28 PM
Tibor Santa
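An added example, not part of either post above: reading a line with fgets(), one of the replacements named in the cppreference quote, including the case where the input is longer than the buffer. The names read_line and LINE_* are assumptions made for this example, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Status codes for read_line (names chosen for this example). */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line into buf, whose capacity is size bytes including the NUL.
 * gets() has no size parameter, so it keeps writing past the end of buf.
 * fgets() is told the capacity and stores at most size-1 characters.
 * An over-long line is cut short and its remainder is discarded, so the
 * next call starts at the beginning of the next line. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;

    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {            /* the whole line fit */
        buf[len] = '\0';
        return LINE_OK;
    }

    /* No newline stored: the line was too long, or input ended here. */
    int c, dropped = 0;
    while ((c = fgetc(in)) != '\n' && c != EOF)
        dropped = 1;                   /* at least one character was lost */
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char name[8];                      /* gets(name) would overflow on line 1 */
    FILE *in = tmpfile();              /* constructed input instead of a keyboard */
    if (in == NULL)
        return 1;
    fputs("AAAAAAAAAAAAAAAAAAAAAAAA\nbob\n", in);
    rewind(in);

    int rc;
    while ((rc = read_line(in, name, sizeof name)) != LINE_EOF)
        printf("rc=%d name=\"%s\"\n", rc, name);
    fclose(in);
    return 0;
}
```

A caller should treat LINE_TRUNCATED as an input error (re-prompt or reject) rather than silently using the shortened value.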