What's so bad about scanf anyway??? (really what's bad about gets)

Jon H. LaBadie jon at jonlab.UUCP
Fri Nov 16 18:00:40 AEST 1990


In article <1990Nov12.014850.14475 at melba.bby.oz.au>, zvs at bby.oz.au (Zev Sero) writes:
> 
> But for exactly the same reason, you should never, never, never use
> gets().  The gets() function does not check how many characters it
> reads.  It just keeps going until it sees a newline.  If the array
> you're storing the thing in overflows, tough bikkies.

This question is asked regarding input from terminals only.

I've a vague recollection that declaring input arrays to be BUFSIZ
in length provides some protection against overflow by gets(3C).

Is this just "conventional wisdom", or does something in the choice
of BUFSIZ for a particular system ensure any overflow protection?

Jon

-- 
Jon LaBadie
{att, princeton, bcr, attmail!auxnj}!jonlab!jon
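
Added example, not part of the original posts: gets() takes no length argument, so the size of the array, BUFSIZ or otherwise, is never passed to it. The sketch below bounds the read with fgets() instead and reports lines that did not fit; `read_line` and `make_sample` are hypothetical names and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: read one line into buf using fgets(), which is told
 * the buffer size. Returns 0 if the line fit, 1 if it was longer than the
 * buffer (the excess is discarded), -1 on EOF or read error. */
int read_line(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c, truncated = 0;

    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';   /* complete line: strip newline */
        return 0;
    }
    /* No newline stored: either input ended, or the buffer filled up.
     * Drain to end of line so the next call starts on a fresh line. */
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Constructed input: short line, a line longer than BUFSIZ, short line. */
FILE *make_sample(void)
{
    FILE *f = tmpfile();
    int i;
    if (f == NULL) return NULL;
    fputs("hello\n", f);
    for (i = 0; i < BUFSIZ + 100; i++)
        putc('A', f);
    fputs("\nafter\n", f);
    rewind(f);
    return f;
}

int main(void)
{
    char buf[BUFSIZ];
    FILE *f = make_sample();
    int rc;
    if (f == NULL) return 1;
    while ((rc = read_line(f, buf, sizeof buf)) >= 0)
        printf("rc=%d stored=%lu\n", rc, (unsigned long)strlen(buf));
    fclose(f);
    return 0;
}
```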


