Even worse (was Re: Google Code Search)

Sue Spence virtualsue at pennine.com
Fri Oct 6 17:29:35 BST 2006

Andy Armstrong wrote:
> On 6 Oct 2006, at 15:34, Sue Spence wrote:
>>> Are you saying /any/ use of gets() is bad? Most of the examples I 
>>> read on the first two pages don't seem to present much in the way of 
>>> risk.
>> gets() is inherently unsafe because there is no way to control the 
>> size of the amount of data from stdin that will be shoved into the 
>> buffer passed to it. fgets() is usually used instead, because it takes 
>> a 'max size' parameter.
> Yes, thanks. I know why gets is unsafe. 

Then you didn't need to ask.

More information about the london.pm mailing list