warning: gets function is dangerous [duplicate]

Posted 2019-01-02 21:24

This question already has an answer here:

When I use the gets function, gcc gives me a warning:

warning:the `gets' function is dangerous and should not be used.

Why are the gets and puts functions dangerous?

Tags: c
7 answers
还给你的自由
#2 · 2019-01-02 21:31

If you have code like this:

char s[10];
gets( s );

and you type in more than 10 characters when the program is run, you will overflow the buffer, causing undefined behaviour. The gets() function has no means of preventing you from typing the characters and so should be avoided. Instead you should use fgets(), which allows you to limit the number of characters read, so that the buffer does not overflow:

char s[10];
fgets( s, 10, stdin );

The puts() function is perfectly safe, provided the string that you are outputting is null-terminated.

何处买醉
#3 · 2019-01-02 21:31

gets does not check for buffer overrun, exposing your code to attack.

低头抚发
#4 · 2019-01-02 21:36

gets reads data into the given area of memory until a newline or end of file is encountered. If the input (e.g. as supplied by the user) contains a line longer than the size of the buffer supplied to gets, it will overflow and gets will write to memory outside the buffer. At worst this may allow a malicious user to write data that alters the behaviour of the program or possibly even executes arbitrary code with the privileges of that program (e.g. one that may be running on a remote server or with the privileges of another user), and even accidental overflows are likely to break the software.

fgets should be used instead, as it takes an additional argument to constrain the size of the input.

初与友歌
#6 · 2019-01-02 21:47

As Wikipedia's article says, gets() is inherently unsafe because all it takes is a char * as the argument.

This is dangerous because there is no way for the method to know how much space has been allocated to that char * in any situation. Therefore gets behaves as if it has a blank check to write as much data to it as possible, which could result in buffer overruns.

The alternative is fgets which takes in not just the character array, but the maximum length and the stream pointer. gets is kept around only for backwards compatibility with older code.

荒废的爱情
#7 · 2019-01-02 21:52

Because gets doesn't constrain the amount of data it reads, and is thus vulnerable to buffer overruns. @Neil's answer has the appropriate solution to this.

The puts function isn't dangerous, AFAIK, unless, of course, you forget to null-terminate it.
