Mail Archives: pgcc/1998/07/13/07:35:26
>>>>> Vincent Diepeveen writes:
> Hello,
> Forgive me my criticism, but after setting up linux i now try to compile
> diep for unix, and i get some weird results trying to compile with the
> standard gcc in redhat 5.1 (gcc --version gives: 2.7.2.3 ):
> first of all, why doesn't gcc have a predefined function like msvc++ have
> called:
> max() and min()?
RedHat 5.1 should have MAX and MIN as macros in <sys/param.h>. max
and min are non standard functions.
> Further i get completely upset from next warning gnu c++ gives.
> This is my function:
> int ReturnFloepWindow(char *sOut) {
> printf("%s\n",sOut);
> gets(sOut);
> return(true);
> }
> In the DOS interface of my program this is a function that does all kind of
> graphical stuff, therefore this function might seem stupid to you, but it's
> evident what it does.
> Now gcc gives next warning:
> "the 'gets' function is dangerous and should not be used."
> What the #$$##$ does gcc think it's saying to me, am i not allowed to
> get a string from the keyboard, is there a bug in this function?
This warning comes during the linking stage from the c library (called
glibc2). It's just a warning - you can ignore it, or improve your
program;-).
The problem with gets is that if you get input from the keyboard, the
user can input an arbitray length string (say 10k long) and crash your
program. The man page of gets says (just type `man gets' on your
system):
BUGS
Because it is impossible to tell without knowing the data
in advance how many characters gets() will read, and
because gets() will continue to store characters past the
end of the buffer, it is extremely dangerous to use. It
has been used to break computer security. Use fgets()
instead.
Andreas
--
Andreas Jaeger aj AT arthur DOT rhein-neckar DOT de jaeger AT informatik DOT uni-kl DOT de
for pgp-key finger ajaeger AT alma DOT student DOT uni-kl DOT de
- Raw text -