The C library gets function is inherently unsafe and should never be used: nothing prevents the input from exceeding the size of the buffer. The fgets function is a safe equivalent.
| ID | Observation | Description |
|---|---|---|
| 1 | Call site | The place the function was called |
```c
#include <stdio.h>

char buffer[256];

char *get_a_line()
{
    // if the next input line does not fit in the 256-byte buffer,
    // this will corrupt memory
    // better is return fgets(buffer, sizeof(buffer), stdin);
    return gets(buffer);
}
```
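Switching to fgets leaves two details to handle: it keeps the trailing newline in the buffer, and it leaves the remainder of an over-long line in the stream for the next read. The following is an added example, not code from the original page; read_line, sample_input and the status names are hypothetical, and the input text is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1, LINE_BADARG = -2 };

/* Hypothetical helper: read one line into buf without ever writing past
   buf[size - 1]. The newline is stripped. An over-long line is cut to
   size - 1 characters, its remainder is discarded, and the cut is reported. */
enum line_status read_line(char *buf, size_t size, FILE *in)
{
    if (buf == NULL || in == NULL || size < 2 || size > INT_MAX)
        return LINE_BADARG;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;               /* end of input or read error */
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';           /* whole line fit, newline included */
        return LINE_OK;
    }
    /* No newline stored: the line filled the buffer or the input ended.
       Drain to the next newline so the next call starts on a fresh line. */
    int c, dropped = 0;
    while ((c = getc(in)) != '\n' && c != EOF)
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input, written to a temporary file so it runs offline. */
FILE *sample_input(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    char buf[8];                       /* deliberately small buffer */
    FILE *in = sample_input("short\nthis line is too long\nlast");
    enum line_status st;
    while ((st = read_line(buf, sizeof buf, in)) >= 0)
        printf("%-9s \"%s\"\n", st == LINE_TRUNCATED ? "truncated" : "ok", buf);
    return in == NULL;
}
```

Callers should treat LINE_TRUNCATED as a distinct case rather than processing the shortened text as if it were the full line.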
Copyright © 2010, Intel Corporation. All rights reserved.