Gets function is unsafe

The C library function gets is inherently unsafe and should never be used. It was deprecated in C99 and removed from the language in C11.

gets takes only a pointer to the destination buffer and no length argument, so nothing prevents an input line from exceeding the size of the buffer; an over-long line overwrites whatever follows the buffer in memory. The fgets function is the safe equivalent: it takes the buffer size as an argument and never writes more than size - 1 characters plus the terminating null. Note that fgets keeps the trailing newline, and that a line longer than the buffer is returned in pieces across successive calls rather than silently overflowing.

ID   Observation   Description
1    Call site     The place the function was called

Example

#include <stdio.h>

char buffer[256];

char * get_a_line()
{
    // gets() is given no length: a line of more than 255 characters
    // (256 bytes including the terminator) overflows buffer and corrupts
    // whatever follows it in memory.
    // Better is: return fgets(buffer, sizeof(buffer), stdin);
    // (fgets keeps the trailing newline, which the caller may need to strip)

    return gets(buffer);
}
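As an added example that is not part of the original page or Intel's tool, the following replaces gets with a small bounded line reader built on fgets. It handles the two cases the bare fgets replacement above leaves to the caller: stripping the trailing newline, and a line longer than the buffer, which it reports as truncated and drains so that the next call starts on the next line instead of returning the tail of the over-long one. The names read_line, check_reader and make_sample_input are this example's own, and the sample input (a short line, a 300-character line against the page's 256-byte buffer, then one more line) is constructed inline with tmpfile so the code runs offline.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for read_line(). */
enum { LINE_OK = 0, LINE_EOF = -1, LINE_TRUNCATED = 1 };

/* Read one line from `in` into buf[size], the way gets() should have worked:
   the write is bounded by size, the trailing newline is removed, and if the
   line did not fit the rest of it is consumed so the caller stays in sync
   with line boundaries. Requires size >= 2. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2) return LINE_EOF;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline in buf: the line either ended the file without one, was
       exactly size-1 characters long, or was too long for the buffer.
       Peek one character to tell these apart. */
    int c = fgetc(in);
    if (c == EOF || c == '\n') return LINE_OK; /* nothing was lost */
    /* Over-long line: drop the remainder up to and including the newline. */
    while (c != '\n' && c != EOF) c = fgetc(in);
    return LINE_TRUNCATED;
}

/* Constructed sample input (assumption for this example): a short line,
   a 300-character line, and a final line. */
static FILE *make_sample_input(void)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs("short\n", f);
    for (int i = 0; i < 300; i++) fputc('A', f);
    fputc('\n', f);
    fputs("after\n", f);
    rewind(f);
    return f;
}

/* Exercise read_line() on the sample input with the page's 256-byte buffer.
   With gets(), the 300-character line would write 45 bytes past the buffer;
   here it is cut to 255 characters, reported as truncated, and the reader
   resynchronises on "after". Returns 1 on success, 0 otherwise. */
int check_reader(void)
{
    char buffer[256];
    FILE *in = make_sample_input();
    if (in == NULL) return 0;
    int ok = 1;
    ok = ok && read_line(in, buffer, sizeof buffer) == LINE_OK
            && strcmp(buffer, "short") == 0;
    ok = ok && read_line(in, buffer, sizeof buffer) == LINE_TRUNCATED
            && strlen(buffer) == 255;
    ok = ok && read_line(in, buffer, sizeof buffer) == LINE_OK
            && strcmp(buffer, "after") == 0;
    ok = ok && read_line(in, buffer, sizeof buffer) == LINE_EOF;
    fclose(in);
    return ok;
}

int main(void)
{
    char buffer[256];
    int rc;
    /* Stand-alone use: echo stdin line by line, flagging truncated lines. */
    while ((rc = read_line(stdin, buffer, sizeof buffer)) != LINE_EOF)
        printf("%s%s\n", buffer, rc == LINE_TRUNCATED ? " [truncated]" : "");
    return check_reader() ? 0 : 1;
}
```

Whether to truncate, reject, or grow the buffer on an over-long line is a policy decision; the important property gets lacks is that the decision is made at all, and that a long line can never write outside the buffer.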

Copyright © 2010, Intel Corporation. All rights reserved.