Even worse (was Re: Google Code Search)
Sue Spence
virtualsue at pennine.com
Fri Oct 6 17:29:35 BST 2006
Andy Armstrong wrote:
> On 6 Oct 2006, at 15:34, Sue Spence wrote:
>>> Are you saying /any/ use of gets() is bad? Most of the examples I
>>> read on the first two pages don't seem to present much in the way of
>>> risk.
>>
>> gets() is inherently unsafe because there is no way to control the
>> size of the amount of data from stdin that will be shoved into the
>> buffer passed to it. fgets() is usually used instead, because it takes
>> a 'max size' parameter.
>
> Yes, thanks. I know why gets is unsafe.
Then you didn't need to ask.
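
[Added example, not part of the original message or thread.] The quoted point about fgets() taking a 'max size' parameter, shown in C: a bounded line reader that also discards the tail of an overlong line so it is not returned as the next line. read_line, read_nth and demo_buf are hypothetical names, and the inputs used with them are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* read_line is a hypothetical helper written for this example.
 * It stores at most bufsz-1 bytes of the next line in buf, which is
 * the bound gets() cannot be given, and discards any excess so the
 * tail of an overlong line is not returned as the next "line". */
int read_line(FILE *fp, char *buf, size_t bufsz)
{
    size_t len;
    int c, excess = 0;

    if (bufsz == 0 || bufsz > INT_MAX)
        return LINE_EOF;              /* unusable buffer size */
    if (fgets(buf, (int)bufsz, fp) == NULL)
        return LINE_EOF;              /* EOF or read error */

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fitted */
        return LINE_OK;
    }
    /* No newline stored: the buffer filled up, or input ended. */
    while ((c = fgetc(fp)) != EOF && c != '\n')
        excess = 1;
    return excess ? LINE_TRUNCATED : LINE_OK;
}

char demo_buf[8];   /* constructed: deliberately small buffer */

/* Feed constructed input through a temp file and return the status
 * of line number n (0-based); the line itself is left in demo_buf. */
int read_nth(const char *input, int n)
{
    FILE *fp = tmpfile();
    int rc = LINE_EOF;

    if (fp == NULL)
        return LINE_EOF;
    fputs(input, fp);
    rewind(fp);
    while (n-- >= 0)
        rc = read_line(fp, demo_buf, sizeof demo_buf);
    fclose(fp);
    return rc;
}
```

A caller that treats LINE_TRUNCATED as a rejected input, rather than processing the first 7 bytes, avoids acting on a silently shortened line.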