Date:      Tue, 20 Feb 2001 17:34:55 -0600
From:      Lucas Bergman <>
To:        Arthur Boynagryan <>
Subject:   Re: OT: Alternative to gets() function?
Message-ID:  <>
In-Reply-To: <000001c09b01$b1865fa0$4a07a8c0@user0000011909>; from on Tue, Feb 20, 2001 at 09:55:12AM +0400
References:  <000001c09b01$b1865fa0$4a07a8c0@user0000011909>

Hi --

> I've been reading man page for gets() and fgets() and noticed the
> following:
> "Since it is usually impossible to ensure that the next input line
> is less than some arbitrary length, and because overflowing the
> input buffer is almost invariably a security violation, programs
> should NEVER use gets()."
> What can you recommend instead of gets()? Does this also apply to
> fgets()? I'm mostly interested in fgets().

fgets() is safe, provided you're careful about its second parameter.
Observe that the following programs are equivalent except that the
first has undefined behavior (read: seg fault) if given a line of >99
characters on standard input.  In the second program, a line of >99
characters is truncated past the 99th character:

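#include <stdio.h>
/* gets() takes no length argument, so a longer line overflows s */
int main() { char s[100]; gets(s); return 0; }

#include <stdio.h>
/* fgets() stores at most size-1 characters plus the terminating '\0' */
int main() { char s[100]; fgets(s, sizeof s, stdin); return 0; }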
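
The truncation behaviour of fgets() described above, as an added example that is not part of the original message: it reports whether a line was cut short and discards the rest of an overlong line, so the leftover is not read back as the next line. read_line() and sample_input() are hypothetical names, and the input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the original message: read one line into
 * buf[size]. Returns 0 for a complete line, 1 if the line was truncated
 * (the excess is discarded), -1 on end of file or error. */
int read_line(char *buf, size_t size, FILE *fp)
{
    if (size == 0 || size > INT_MAX || fgets(buf, (int)size, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit; drop the newline */
        return 0;
    }
    /* No newline stored: drain to end of line so the leftover characters
     * are not returned as a separate line by the next call. */
    int c, truncated = 0;
    while ((c = getc(fp)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Constructed input: a short line, a 150-character line, and a final
 * line with no trailing newline. */
static FILE *sample_input(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    fputs("short\n", fp);
    for (int i = 0; i < 150; i++)
        putc('A', fp);
    fputs("\nlast", fp);
    rewind(fp);
    return fp;
}

int main(void)
{
    char s[100];
    int rc;
    FILE *fp = sample_input();
    if (fp == NULL) return 1;
    while ((rc = read_line(s, sizeof s, fp)) >= 0)
        printf("%-9s %zu chars kept\n", rc ? "truncated" : "complete", strlen(s));
    fclose(fp);
    return 0;
}
```

A line of exactly 99 characters followed by a newline is reported as complete, because the drain loop finds the newline immediately.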

