- Newsgroups: comp.lang.c
- Path: scn.org!kurt
- From: kurt@scn.org (Kurt Cockrum)
- Subject: Why does the "universal bugfunction" gets() survive in 1996?
- Message-ID: <DoDGq8.Dqq@scn.org>
- Sender: news@scn.org
- Reply-To: kurt@scn.org (Kurt Cockrum)
- Organization: Seattle Community Network
- Date: Sat, 16 Mar 1996 18:01:20 GMT
-
-
- The gets() function reads characters into a buffer until a newline or
- EOF is received. It's dangerous because no length constraints
- on the function exist, and the possibility of buffer overruns is
- always present. This is even noted on the man page, where it says
- that the fgets() function should be used instead. See gets(3).
- This is all old, well-known stuff.
-
- Here's my question to the sages of usenet and this newsgroup:
- Why does the function continue to exist? Why not let it die the
- ignominious death it deserves? Whose code would break by its
- disappearance? and why *shouldn't* that code break, especially
- since it's inherently dangerous and is potentially a grave disservice
- to any user? And it would be nice to know what code that is, so
- it could be avoided.
-
- And why is there so little discussion of this? Not even in the "C
- Rationale" have I seen any reasoning behind the decision to keep gets().
- Not even in P. J. Plauger's voluminous writings (otherwise extremely
- enlightening) about the C standardization process has there been any
- mention of this (at least to my knowledge).
-
- Especially, I'd be interested in hearing why and how this function
- snuck its way into the ANSI standard library...talk about virii!
- Kinda makes me think that if I were a darkside cracker, I'd join
- some standardization process...I might not catch any old unix hackers,
- but there's a whole new crop of Windoze & NT programmers porting their
- stuff to unix, just waiting to get bit...
- --
- -- kurt@scn.org kurt@grogatch.seaslug.org (Kurt Cockrum)
- Chair, Seattle-King County Save the Stupids Foundation
-
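
The fgets() replacement that the post cites from the man page, shown as an added example that is not part of the original post: a bounded line reader that also reports and discards the part of a line that does not fit. The names `read_line`, `make_input` and the `LINE_*` codes are illustrative assumptions, and the input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are illustrative, not a standard API). */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1, LINE_BADARG = -2 };

/* Read one line into buf, whose capacity is cap bytes including the NUL.
 * fgets() is told the buffer size, which gets() has no way to receive.
 * An over-long line is cut to cap-1 bytes and its tail is discarded. */
int read_line(FILE *in, char *buf, size_t cap)
{
    if (in == NULL || buf == NULL || cap < 2 || cap > INT_MAX)
        return LINE_BADARG;
    if (fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;                /* EOF or read error, nothing stored */
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit: strip the newline */
        return LINE_OK;
    }
    /* No newline stored: the line filled the buffer, or input ended. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;                    /* bytes beyond cap-1 are thrown away */
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input, written to a temporary file so this runs offline. */
FILE *make_input(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL && fputs(text, f) != EOF)
        rewind(f);
    return f;
}

int main(void)
{
    char buf[8];                        /* room for 7 characters plus NUL */
    FILE *f = make_input("short\nexactly\nfar too long for buf\nlast");
    int rc;
    if (f == NULL)
        return 1;
    while ((rc = read_line(f, buf, sizeof buf)) != LINE_EOF)
        printf("%-9s \"%s\"\n", rc == LINE_OK ? "ok" : "truncated", buf);
    fclose(f);
    return 0;
}
```

A caller that treats `LINE_TRUNCATED` as a rejected input never acts on a silently shortened line, and the next call starts on a fresh line because the tail has already been drained.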