| delorie.com/archives/browse.cgi | search |
| X-Authentication-Warning: | delorie.com: mailnull set sender to djgpp-bounces using -f |
| Message-ID: | <3C14CD57.F9EEB80B@iedu.com> |
| From: | Morris Dovey <mrdovey AT iedu DOT com> |
| Organization: | Mission-Critical Systems |
| X-Mailer: | Mozilla 4.61 [en] (X11; U; Linux 2.0.36 i686) |
| X-Accept-Language: | en, fr, pt, ru, es |
| MIME-Version: | 1.0 |
| Newsgroups: | comp.lang.c,comp.os.msdos.djgpp,comp.lang.c++ |
| Subject: | Re: String substitution to another |
| References: | <3C151123 DOT D1E94FE8 AT surfeu DOT fi> <3c149894 DOT 7181858 AT news DOT tiscali DOT nl> <9v2knf$htt$0 AT 216 DOT 39 DOT 135 DOT 9> |
| Lines: | 28 |
| Date: | Mon, 10 Dec 2001 09:57:27 -0500 |
| NNTP-Posting-Host: | 63.224.188.25 |
| X-Trace: | news.uswest.net 1007999892 63.224.188.25 (Mon, 10 Dec 2001 09:58:12 CST) |
| NNTP-Posting-Date: | Mon, 10 Dec 2001 09:58:12 CST |
| To: | djgpp AT delorie DOT com |
| DJ-Gateway: | from newsgroup comp.os.msdos.djgpp |
| Reply-To: | djgpp AT delorie DOT com |
Aaron Evans wrote: > how is > > gets(filename) || length > MAXLINELENGTH > > more dangerous than > > fgets (strline, MAXLINELENGTH, fileptr); Aaron... gets(buffer) accepts input of /any/ length - without consideration for the actual length of the buffer (it will happily attempt to read a megabyte into a 10-char area). The best possible result of overflowing the buffer is that the program crashes. The worst possible result would be a hostile input /not/ crashing the program; and causing the system to take destructive actions such as trashing the hard disk, erasing any NVRAMS, and sending insulting messages in your name to your boss. The cost of not using gets() is low. The cost of using it could be high. HTH -- Morris Dovey West Des Moines, Iowa USA
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |