Why is it dangerous?

 
 
Richard
      08-10-2008
Nick Keighley <(E-Mail Removed)> writes:

> On Aug 10, 12:42 pm, Richard <(E-Mail Removed)> wrote:
>> Richard Heathfield <(E-Mail Removed)> writes:
>> > Julian said:

>
>> >> I'm not new to C and have been programming in it since I was 8 but
>> >> here's a strange problem I've never seen before.

>>
>> >> When I compile a program from our C course with a windows compiler
>> >> there is no problem but when I try to compile it with a linux compiler
>> >> it complains that

>>
>> >> a_03.c:(.text+0x4d): warning: the `gets' function is dangerous
>> >> and should not be used.

>>
>> >> Is linux more dangerous than windows?

>>
>> > No. Your Linux compiler warned you about a dangerous function that should
>> > never be used.

>>
>> Total and utter nonsense. C is used all over the place for creating
>> elements which are under strict control and the program/process/function
>> has a totally controlled and defined input stream. In those scenarios
>> gets is used flawlessly in millions of programs around the world.
>>
>> if you can NOT define the input then I would agree. But in the real
>> world the input is indeed guaranteed in a properly functioning
>> system.

>
> hardly. Much web based software does not have total control
> of its inputs. Compilers don't have TCOI. Even if the other end of


Then don't use gets in this case.

You seem to think I am advocating it when the input is not DEFINED. I am
not.
 
Richard
08-10-2008
"Serve Lau" <(E-Mail Removed)> writes:

> "Antoninus Twink" <(E-Mail Removed)> schreef in bericht
> news:(E-Mail Removed)...
>> True. The world might also be destroyed in a nuclear holocaust while
>> your throwaway program is reading its non-life-critical data, so why
>> take the risk of programming at all? Drink a beer, get laid, and wait
>> for the mushroom cloud to take you.

>
> I agree except on one thing. I'd drink the beer last


You would? I would drink it second.
 
Barry Schwarz
08-10-2008
On Sun, 10 Aug 2008 09:27:13 +0100, "Malcolm McLean"
<(E-Mail Removed)> wrote:

>
>"Gordon Burditt" <(E-Mail Removed)> wrote in message
>> There is no non-dangerous gets() function with the same interface.
>> The non-dangerous function is called fgets().
>>

>This is a hardy annual.
>Of course fgets() can be used safely, but won't be. For instance Richard
>Heathfield posted a dangerous use of fgets() in this very thread. It will
>give the wrong answer if the user enters a string of over 2000 characters.


Any code that does not check the status of "service requests" is
dangerous. But this is a result of sloppy programming. It is not an
inherent property of the request itself as a call to gets() is.

>Of course it is not dangerous in a little exercise program that doesn't do
>anything, but then neither is gets().


I guess on your system undefined behavior can never do any harm.

>
>To use fgets() safely you must check for the newline. If it is not present a
>buffer overflow occurred. So you must then take action against the buffer to


Actually, a buffer overflow was prevented.

>ensure that the next read doesn't get the remainder of the previous line.


The recommended action should be either:

Whatever the program needs to do to obtain the remainder of
the line so the input can be processed as intended.

Reject the input with appropriate notification to the user and
suitable follow-on action

--
Remove del for email
 
santosh
08-10-2008
Antoninus Twink wrote:

> On Sun, 10 Aug 2008 13:27:34 +0530, santosh wrote:
>> CBFalconer wrote:
>>> Correction: That omits many useful tests. I suggest:
>>> gcc -W -Wall -ansi -pedantic
>>> for better error detection.

>>
>> I would also recommend:
>> [...]
>> -Wpointer-arith

>
> This is redundant, since it's already enabled by -pedantic.


This is not mentioned in my gcc documentation. Looking it up on the
Web... yes I see you're right. Must have been added recently.

 
santosh
08-10-2008
Malcolm McLean wrote:

>
> "Ben Bacarisse" <(E-Mail Removed)> wrote in message news:
>> "Malcolm McLean" <(E-Mail Removed)> writes:
>>
>>> "Gordon Burditt" <(E-Mail Removed)> wrote in message
>>>> There is no non-dangerous gets() function with the same interface.
>>>> The non-dangerous function is called fgets().
>>>>
>>> This is a hardy annual.
>>> Of course fgets() can be used safely, but won't be. For instance
>>> Richard Heathfield posted a dangerous use of fgets() in this very
>>> thread. It will give the wrong answer if the user enters a string of
>>> over 2000 characters.

>>
>> You have allowed yourself to slip into polemic. It is not clear, at
>> least to me, what the right answer is so you are stretching the point
>> -- be careful with fgets and long lines -- by saying that the answer
>> is "wrong" and the use "dangerous".
>>

> if I enter
>
> "My name is Rumplewumple ... stiltskin"
> and the program comes back
>
> "You entered My name is Rumplewumple ... stilt"
>
> Then I might well object that that's my cousin. Which is potentially
> dangerous, depending on what the program is being used for.


If the integrity of your data is valuable, you have to program
carefully. Simple isn't it. In such situations using fgets()
simplistically is not good enough, but it's still *better* than gets.
It's a question of getting data a little wrong or overrunning buffers
with *any* consequences from an immediate crash (lucky you) to altering
valuable data elsewhere.

There is no debate whether gets or fgets is safer. The latter is
*always* the safer option. If you want a line getting function with the
interface of gets, then it's easy enough to write your own.

 
santosh
08-10-2008
Antoninus Twink wrote:

> On 10 Aug 2008 at 13:17, santosh wrote:
>> Richard wrote:
>>> Total and utter nonsense. C is used all over the place for creating
>>> elements which are under strict control and the
>>> program/process/function has a totally controlled and defined input
>>> stream. In those scenarios gets is used flawlessly in millions of
>>> programs around the world.

>>
>> I wonder, can you give examples of sources of perfectly controlled
>> and defined input? Certainly disk files can be tampered, as can
>> pipes, sockets and almost every other device.

>
> True. The world might also be destroyed in a nuclear holocaust while
> your throwaway program is reading its non-life-critical data, so why
> take the risk of programming at all? Drink a beer, get laid, and wait
> for the mushroom cloud to take you.


I'd use fgets even for a "throwaway" program because it's really as easy
to use and I won't have to worry about carefully deleting the sources
later.

 
CBFalconer
08-10-2008
Malcolm McLean wrote:
> "Ben Bacarisse" <(E-Mail Removed)> wrote in message news:
>

.... snip ...
>>
>> You have allowed yourself to slip into polemic. It is not clear,
>> at least to me, what the right answer is so you are stretching
>> the point -- be careful with fgets and long lines -- by saying
>> that the answer is "wrong" and the use "dangerous".

>
> if I enter
> "My name is Rumplewumple ... stiltskin"
> and the program comes back
> "You entered My name is Rumplewumple ... stilt"
>
> Then I might well object that that's my cousin. Which is potentially
> dangerous, depending on what the program is being used for.


If that happens you have made an error in writing the program. It
is simple to avoid any such result while using fgets.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home.att.net>
Try the download section.


 
Ben Bacarisse
08-10-2008
CBFalconer <(E-Mail Removed)> writes:

> santosh wrote:
>> Harald van Dijk wrote:
>>> santosh wrote:
>>>> CBFalconer wrote:
>>>>
>>>>> Correction: That omits many useful tests. I suggest:
>>>>>
>>>>> gcc -W -Wall -ansi -pedantic
>>>>>
>>>>> for better error detection.
>>>>
>>>> I would also recommend:
>>>> [...]
>>>> -Wwrite-strings
>>>
>>> I would not, since it deliberately makes the compiler nonconforming.
>>> For those that understand in what ways, it can be useful, but they
>>> can find the option themselves. CBFalconer included that option in
>>> his recommendations recently, and I'm glad he dropped it.

>>
>> Thanks for that. I do remember that subthread now, but I passed over
>> it, being pressed for time. Now, to the Google Groups archive...

>
> I didn't drop it. I conceded your 'non-standard' point. I
> maintain that, for new code, including it will result in better
> code, and maintain conformity. It may object to some actually
> conforming code.


So it seems you did not accept *my* point of a program that requires a
diagnostic which -Wwrite-strings suppresses.

--
Ben.
 
CBFalconer
08-10-2008
Ben Bacarisse wrote:
> CBFalconer <(E-Mail Removed)> writes:
>

.... snip ...
>
>> I didn't drop it. I conceded your 'non-standard' point. I
>> maintain that, for new code, including it will result in better
>> code, and maintain conformity. It may object to some actually
>> conforming code.

>
> So it seems you did not accept *my* point of a program that
> requires a diagnostic which -Wwrite-strings suppresses.


No. I consider the chance of a complex program trying to write to
a non-writable string is more likely than the case you brought up
(which I have absent-mindedly forgotten). And, if I need it, I am
quite capable of removing -Wwrite-strings from the command for a
particular compilation.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home.att.net>
Try the download section.

 
Doug Miller
08-10-2008
In article <(E-Mail Removed)>, Barry Schwarz <(E-Mail Removed)> wrote:
>On Sun, 10 Aug 2008 09:27:13 +0100, "Malcolm McLean"
><(E-Mail Removed)> wrote:
>
>>
>>"Gordon Burditt" <(E-Mail Removed)> wrote in message
>>> There is no non-dangerous gets() function with the same interface.
>>> The non-dangerous function is called fgets().
>>>

>>This is a hardy annual.
>>Of course fgets() can be used safely, but won't be. For instance Richard
>>Heathfield posted a dangerous use of fgets() in this very thread. It will
>>give the wrong answer if the user enters a string of over 2000 characters.

>
>Any code that does not check the status of "service requests" is
>dangerous. But this is a result of sloppy programming. It is not an
>inherent property of the request itself as a call to gets() is.


Since gets() returns the same indication both when the input overflows the
buffer allocated for it, and when it doesn't -- thus necessarily precluding
the possibility of any such status check -- it could be argued that the use of
gets() constitutes "sloppy programming" in and of itself.
>
>>Of course it is not dangerous in a little exercise program that doesn't do
>>anything, but then neither is gets().

>
>I guess on your system undefined behavior can never do any harm.
>
>>
>>To use fgets() safely you must check for the newline. If it is not present a
>>buffer overflow occurred. So you must then take action against the buffer to

>
>Actually, a buffer overflow was prevented.
>
>>ensure that the next read doesn't get the remainder of the previous line.

>
>The recommended action should be either:
>
> Whatever the program needs to do to obtain the remainder of
>the line so the input can be processed as intended.
>
> Reject the input with appropriate notification to the user and
>suitable follow-on action
>

Exactly so.
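
An added example, not code from any post in this thread: one way to apply the newline check discussed above and the second recommended action (reject the over-long line and discard its remainder so the next read starts on a fresh line). The names `read_line` and `line_status` are hypothetical, and the sample input is constructed. A line that fills the buffer exactly and is followed directly by the newline is treated as complete rather than truncated.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Read one line into buf[size], without the trailing newline.
 * A line that does not fit is rejected: its tail is consumed so the next
 * call starts at the next line, and LINE_TOO_LONG is returned. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    /* size < 2 leaves no room for data, so fgets would make no progress */
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;                 /* end of input or read error */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* whole line arrived */
        return LINE_OK;
    }

    /* No newline stored: look at what follows before deciding. */
    int c = getc(in);
    if (c == '\n' || c == EOF)
        return LINE_OK;                  /* exact fit, or last line unterminated */

    while (c != '\n' && c != EOF)        /* discard the rest of the long line */
        c = getc(in);
    return LINE_TOO_LONG;
}

int main(void)
{
    /* Constructed sample input: short line, over-long line, short line. */
    FILE *in = tmpfile();
    if (in == NULL)
        return 1;
    fputs("alice\nRumplewumplestiltskin\nbob\n", in);
    rewind(in);

    char name[8];
    enum line_status st;
    while ((st = read_line(in, name, sizeof name)) != LINE_EOF) {
        if (st == LINE_TOO_LONG)
            puts("rejected: line too long");
        else
            printf("accepted: %s\n", name);
    }
    fclose(in);
    return 0;
}
```
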
 