Author: Rick Bischoff
Date: 09:17:04 08/29/04
Go up one level in this thread
On August 29, 2004 at 12:04:47, Uri Blass wrote:
>I understand that it happens only in case of an error but
>I do not see how there can be an error.
>
>2)Is it safe to use fgets()?
>I remember that it is not safe to use gets() and I think that for the same
>reason it is not safe to use fgets()
There can be an error if STDIN is closed or at EOF.. This can happen if the
user hits CTRL-D at the console (in Unix type systems). As for being safe, my
OS lists the following in the MAN page:
SECURITY CONSIDERATIONS
The gets() function cannot be used securely. Because of its lack of
bounds checking, and the inability for the calling program to reliably
determine the length of the next incoming line, the use of this function
enables malicious users to arbitrarily change a running program's func-
tionality through a buffer overflow attack. It is strongly suggested
that the fgets() function be used in all cases. (See the FSA.)
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.