Even worse (was Re: Google Code Search)
Sue Spence
virtualsue at pennine.com
Fri Oct 6 15:34:36 BST 2006
Andy Armstrong wrote:
> On 6 Oct 2006, at 14:34, Marvin Humphrey wrote:
>> Then there's this:
>>
>> http://xrl.us/r4wq (Link to www.google.com)
>
> Are you saying /any/ use of gets() is bad? Most of the examples I read
> on the first two pages don't seem to present much in the way of risk.

gets() is inherently unsafe because there is no way to control the size
of the amount of data from stdin that will be shoved into the buffer
passed to it. fgets() is usually used instead, because it takes a 'max
size' parameter.
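
The fgets() replacement mentioned in the reply above, as an added example that is not part of the original message. The names read_line and sample_stream are hypothetical, and the input is constructed; the helper also handles the case fgets() leaves to the caller, a line longer than the buffer.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: read one line into buf with fgets(), which writes
 * at most `size` bytes including the terminating NUL.
 * Returns 0 for a complete line, 1 if the line did not fit (the excess is
 * discarded), -1 on EOF, read error or an unusable size. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || size > INT_MAX)
        return -1;
    if (fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fitted: drop the newline */
        return 0;
    }

    /* No newline stored: either the input ended or the line was too long.
     * Drain up to the next newline so the following call starts cleanly. */
    int c, truncated = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Constructed sample input, served from a temporary file. */
FILE *sample_stream(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char buf[8];
    int rc;
    FILE *f = sample_stream("hi\nAAAAAAAAAAAAAAAAAAAA\nok");
    while (f != NULL && (rc = read_line(f, buf, sizeof buf)) >= 0)
        printf("%s \"%s\"\n", rc ? "truncated:" : "line:", buf);
    return f == NULL;
}
```

With an 8-byte buffer the 20-character line is cut to 7 characters and reported as truncated rather than written past the end of buf, which is the control gets() cannot offer.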