X-pop3-spooler: POP3MAIL 2.1.0 b 4 980420 -bs-
To: Vincent Diepeveen <diep AT xs4all DOT nl>
Cc: beastium-list AT Desk DOT nl
Subject: Re: weird things of gcc
References: <3 DOT 0 DOT 32 DOT 19980711232836 DOT 0097a3f0 AT xs4all DOT nl>
Mime-Version: 1.0 (generated by tm-edit 1.4)
Content-Type: text/plain; charset=US-ASCII
From: Andreas Jaeger <aj AT arthur DOT rhein-neckar DOT de>
Date: 13 Jul 1998 08:36:55 +0200
In-Reply-To: Vincent Diepeveen's message of "Sat, 11 Jul 1998 23:28:40 +0100"
Message-ID: <u8g1g6w92w.fsf@arthur.rhein-neckar.de>
X-Mailer: Gnus v5.6.24/XEmacs 21.0 - "Uzbek Black"
Sender: Marc Lehmann <pcg AT goof DOT com>
Status: RO
Content-Length: 1954
Lines: 55

>>>>> Vincent Diepeveen writes:

 > Hello,
 > Forgive me my criticism, but after setting up linux i now try to compile
 > diep for unix, and i get some weird results trying to compile with the
 > standard gcc in redhat 5.1 (gcc --version gives: 2.7.2.3 ):

 > first of all, why doesn't gcc have a predefined function like msvc++ have 
 > called:
 >   max() and min()?
RedHat 5.1 should have MAX and MIN as macros in <sys/param.h>.  max
and min are non standard functions.

 > Further i get completely upset from next warning gnu c++ gives.

 > This is my function:

 > int ReturnFloepWindow(char *sOut) {
 >   printf("%s\n",sOut);
 >   gets(sOut);
 >   return(true);
 > }

 > In the DOS interface of my program this is a function that does all kind of
 > graphical stuff, therefore this function might seem stupid to you, but it's
 > evident what it does.

 > Now gcc gives next warning:

 > "the 'gets' function is dangerous and should not be used."

 > What the #$$##$ does gcc think it's saying to me, am i not allowed to
 > get a string from the keyboard, is there a bug in this function?

This warning comes during the linking stage from the c library (called 
glibc2).  It's just a warning - you can ignore it, or improve your
program;-).

The problem with gets is that if you get input from the keyboard, the
user can input an arbitray length string (say 10k long) and crash your
program.  The man page of gets says (just type `man gets' on your
system):

BUGS
       Because it is impossible to tell without knowing the  data
       in  advance  how  many  characters  gets()  will read, and
       because gets() will continue to store characters past  the
       end  of  the buffer, it is extremely dangerous to use.  It
       has been used to break  computer  security.   Use  fgets()
       instead.

Andreas
-- 
 Andreas Jaeger   aj AT arthur DOT rhein-neckar DOT de    jaeger AT informatik DOT uni-kl DOT de
  for pgp-key finger ajaeger AT alma DOT student DOT uni-kl DOT de