文章讨论了C语言中gets()函数的安全隐患,建议避免使用,因为它可能导致缓冲区溢出。推荐使用fgets()替代,尽管它需要额外处理换行符和长行处理。还提到了非标准的动态分配内存的函数选项。
-
Never use
gets. It offers no protections against a buffer overflow vulnerability (that is, you cannot tell it how big the buffer you pass to it is, so it cannot prevent a user from entering a line larger than the buffer and clobbering memory). -
Avoid using
scanf. If not used carefully, it can have the same buffer overflow problems asgets. Even ignoring that, it has other problems that make it hard to use correctly. -
Generally you should use
fgetsinstead, although it's sometimes inconvenient (you have to strip the newline, you must determine a buffer size ahead of time, and then you must figure out what to do with lines that are too long–do you keep the part you read and discard the excess, discard the whole thing, dynamically grow the buffer and try again, etc.). There are some non-standard functions available that do this dynamic allocation for you (e.g.getlineon POSIX systems, Chuck Falconer's public domainggetsfunction). Note thatggetshasgets-like semantics in that it strips a trailing newline for you.
char *result = fgets(str, sizeof(str
最低0.47元/天 解锁文章
扫一扫
1253
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
