How does gets function work




















A simple example: Now, first of all, you are allowed to input as many characters as you want; gets won't care about it. Secondly, the bytes over the size of the array in which you put them (in this case array1) will overwrite whatever they find in memory, because gets will write them. In the previous example this means that if you input "abcdefghijklmnopqrts", maybe, unpredictably, it will also overwrite array2 or whatever.

You should not use gets since it has no way to stop a buffer overflow. If the user types in more data than can fit in your buffer, you will most likely end up with corruption or worse. In fact, ISO have actually taken the step of removing gets from the C standard as of C11, though it was deprecated in C99 which, given how highly they rate backward compatibility, should be an indication of how bad that function was.

The correct thing to do is to use the fgets function with the stdin file handle since you can limit the characters read from the user. To that end, almost every C coder at some point in their career will write a more useful wrapper around fgets as well. Here's mine: It provides the same protections as fgets in that it prevents buffer overflows but it also notifies the caller as to what happened and clears out the excess characters so that they do not affect your next input operation.

Feel free to use it as you wish, I hereby release it under the "do what you damn well want to" licence.

If you would, many applications would no longer compile or run at all. This is the reason that one reference gives: Reading a line that overflows the array pointed to by s results in undefined behavior.

The use of fgets is recommended. You'll be happy to know that the committee just voted (unanimously, as it turns out) to remove gets from the draft as well. The fgets function allows properly-written programs to safely process input lines too long to store in the result array. It can't detect the end of available memory, so if you allocate an amount of memory too small for the purpose, it can cause a seg fault and crash.
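A bounded line reader built on fgets, of the kind described above: it tells the caller whether the line fit and discards any excess characters so they do not leak into the next read. This is an added example, not code from the original page or its authors; the names read_line and the RL_* status codes are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum rl_status { RL_OK, RL_EOF, RL_TOO_LONG, RL_BAD_ARG };

/* Read one line from `in` into buf, which holds `size` bytes including the
 * terminating NUL. Never writes past buf[size - 1]. */
enum rl_status read_line(FILE *in, char *buf, size_t size)
{
    if (in == NULL || buf == NULL || size < 2 || size > INT_MAX)
        return RL_BAD_ARG;

    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return RL_EOF;              /* end of input or read error */
    }

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* whole line fit: drop the newline */
        return RL_OK;
    }

    /* No newline stored: discard the rest of the line so it is not
     * picked up by the next read, and note whether anything was lost. */
    int c, lost = 0;
    while ((c = getc(in)) != '\n' && c != EOF)
        lost = 1;
    return lost ? RL_TOO_LONG : RL_OK;
}

int main(void)
{
    char name[10];
    printf("Name: ");
    fflush(stdout);
    switch (read_line(stdin, name, sizeof name)) {
    case RL_OK:       printf("Hello, %s\n", name); break;
    case RL_TOO_LONG: printf("Too long, kept \"%s\"\n", name); break;
    default:          printf("No input\n"); break;
    }
    return 0;
}
```

A line of exactly size - 1 characters followed by a newline is reported as RL_OK, because only the newline is discarded and nothing is lost.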

Sometimes it seems very unlikely that a user will type letters into a prompt meant for a person's name, but as programmers, we need to make our programs bulletproof. The C gets function is dangerous and has been a very costly mistake. The whole hour is worth watching but for his comments view from 30 minutes on with the specific gets criticism around 39 minutes. Hopefully this whets your appetite for the whole talk, which draws attention to how we need more formal correctness proofs in languages and how language designers should be blamed for the mistakes in their languages, not the programmer.

This seems to have been the whole dubious reason for designers of bad languages to push the blame to programmers in the guise of 'programmer freedom'. I would like to extend an earnest invitation to any C library maintainers out there who are still including gets in their libraries "just in case anyone is still depending on it": Please replace your implementation with the equivalent of.

Why is the gets function so dangerous that it should not be used?

How can I remove this warning and why is there such a warning about using gets?

If gets is so dangerous then why can't we remove it?

It's actually not gcc which warns, it's the glibc which contains a pragma or attribute on gets that causes the compiler to emit a warning when used.

Why is gets dangerous

The first internet worm (the Morris Internet Worm) escaped about 30 years ago, and it used gets and a buffer overflow as one of its methods of propagating from system to system.

You should forget you ever heard that gets existed.

Alternatives to gets

fgets

As everyone else said, the canonical alternative to gets is fgets specifying stdin as the file stream.

Recommended practice: The fgets function allows properly-written programs to safely process input lines too long to store in the result array.

In many cases, you will want to read-and-discard these characters.

I wonder why they didn't add an fgets alternative that allows one to use its functionality without having to make a silly strlen call.

For example, an fgets variant which returned the number of bytes read into the string would make it easy for code to see if the last byte read was a newline.

If the behavior of passing a null pointer for the buffer was defined as "read and discard up to n-1 bytes until the next newline", that would allow code to easily discard the tail of over-length lines.

The nearest approach to that is probably POSIX getline and its relative getdelim, which do return the length of the 'line' read by the commands, allocating space as required to be able to store the whole line. Even that can cause problems if you end up with a single-line JSON file that is multiple gigabytes in size; can you afford all that memory?

And while we're at it, can we have strcpy and strcat variants that return a pointer to the null byte at the end?

Are you hacking stackoverflow to get upvotes?

The function is unsafe because it assumes consistent input.

I've no clue about the fgets part though.

In that case, if hardware is incapable of submitting lines over bytes long it might be justifiable to gets into a byte buffer, though I would think the advantages of being able to specify a shorter buffer when expecting smaller input would more than justify the cost.

Such a pattern would make it possible for code to pass an arbitrary substring (not just the tail) of another string without having to copy anything, and would allow methods like gets and strcat to safely accept as much as will fit.

But this also has its problems such as: extra characters entered by the user will be picked up the next time around.

Actually, the original C99 standard did not explicitly deprecate gets either in section 7.


