Even worse (was Re: Google Code Search)

Sue Spence virtualsue at pennine.com
Fri Oct 6 15:34:36 BST 2006

Andy Armstrong wrote:
> On 6 Oct 2006, at 14:34, Marvin Humphrey wrote:
>> Then there's this:
>> http://xrl.us/r4wq (Link to www.google.com)
> Are you saying /any/ use of gets() is bad? Most of the examples I read 
> on the first two pages don't seem to present much in the way of risk.

gets() is inherently unsafe because there is no way to control the size 
of the amount of data from stdin that will be shoved into the buffer 
passed to it. fgets() is usually used instead, because it takes a 'max 
size' parameter.

More information about the london.pm mailing list