The following passage is reposted from Stack Overflow:
Why is gets() dangerous
The first internet worm (the Morris Internet Worm) escaped about 30 years ago (1988-11-02), and it used gets() and a buffer overflow as one of its methods of propagating from system to system. The basic problem is that the function doesn’t know how big the buffer is, so it continues reading until it finds a newline or encounters EOF, and may overflow the bounds of the buffer it was given.
You should forget you ever heard that gets() existed.
The C11 standard ISO/IEC 9899:2011 eliminated gets() as a standard function, which is A Good Thing™ (it was formally marked as ‘obsolescent’ and ‘deprecated’ in ISO/IEC 9899:1999/Cor.3:2007 — Technical Corrigendum 3 for C99, and then removed in C11). Sadly, it will remain in libraries for many years (meaning ‘decades’) for reasons of backwards compatibility.
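In summary: the worm spread by way of gets() reading without any bound. Because gets() cannot tell how big the buffer is, it keeps reading until EOF or '\n', which can overflow the buffer.
The C11 (2011) standard removed gets(), but the function is still present in libraries for backward compatibility.
The safer options are fgets, which takes an explicit limit on how much to read, or getline.
Also: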
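Sometimes using gets when solving problems leads to a WA, possibly because of the following.
The line ending on Windows is \r\n, while on Linux it is only \n. On Windows, gets swallows the \r\n at the end of every line, but on Linux gets only swallows the final \n.
So here is the problem: if the data was generated on Windows and uses \r\n line endings, but the server runs Linux and the administrator moved the Windows-generated data onto the Linux server without any processing, then during judging on the OJ every line has an extra \r at the end, so you sometimes get a WA without knowing why.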
--------------------- 逍遥丶綦 Source: CSDN Original: https://blog.csdn.net/qwb492859377/article/details/48323443
Copyright notice: this is an original article by the blogger; please include a link to the post when reposting!
So a function as unsafe as gets is best used as little as possible…
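A bounded replacement for gets() built on fgets, covering both points above: the read can never exceed the buffer, and a trailing \r left by Windows-generated data is stripped along with the \n. This is an added example, not code from the Stack Overflow answer or the quoted CSDN post; the names read_line and truncated and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Read one line from fp into buf, which holds cap bytes including the NUL.
 * Returns the length of the line with its "\n" or "\r\n" removed, or -1 on
 * EOF/error. If the line is longer than the buffer, the excess is discarded
 * and *truncated is set to 1, so the next call starts on a fresh line. */
long read_line(FILE *fp, char *buf, size_t cap, int *truncated)
{
    size_t len;
    int c;

    *truncated = 0;
    if (cap == 0 || fgets(buf, (int)cap, fp) == NULL)
        return -1;

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';              /* whole line fit, drop the newline */
    } else {
        /* No newline stored: either EOF or the buffer filled up first.
         * Drain the rest of the line; any byte consumed means data loss. */
        while ((c = getc(fp)) != EOF && c != '\n')
            *truncated = 1;
    }
    if (len > 0 && buf[len - 1] == '\r')
        buf[--len] = '\0';              /* CRLF input read on Linux */
    return (long)len;
}

int main(void)
{
    char line[8];                       /* deliberately small buffer */
    int truncated;
    long n;
    FILE *fp = tmpfile();               /* constructed sample input */

    if (fp == NULL)
        return 1;
    fputs("hello\r\nworld\nAAAAAAAAAAAAAAAAAAAA\r\nend", fp);
    rewind(fp);
    while ((n = read_line(fp, line, sizeof line, &truncated)) >= 0)
        printf("%ld bytes%s: [%s]\n", n, truncated ? " (truncated)" : "", line);
    fclose(fp);
    return 0;
}
```

A caller that must not silently lose data should treat truncated == 1 as an input error rather than continue with the partial line.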