Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Don't use gets

Status
Not open for further replies.
SpeakerForTheDead

SpeakerForTheDead

Programmer
Jan 31, 2002
28
0
0
US
I've heard often that one should never use gets. I've been told to use cin.getline instead.

Does anyone know if gets could seriously mess up one's compiler if used frequently?
 
The problem with gets is that there's no parameter for the maximum number of characters to read. This leaves major security holes in your application.

For example:

Code: 
char text[100];

gets(text);

If someone inputs text longer than 100 characters, gets will read in all the characters inputted. That person has now overwrote the program's call stack. A malicious user can put machine-language commands after the 100th character, and they will be executed.
 
Status
Not open for further replies.

Similar threads

maapi
  • Locked
  • Question
How to use shell execute to open internet explore
Replies
0
Views
179
maapi
maapi
markftwain
  • Locked
  • Question
E_ACCESSDENIED with SAPI 5.3 GetStorageFilename
Replies
0
Views
69
markftwain
markftwain
bkelly13
  • Locked
  • Question
GetSystemTime
Replies
5
Views
137
bkelly13
bkelly13
Bujitsu
  • Locked
  • Question
When to use the different VC++ projects? 2
Replies
2
Views
64
xwb
xwb
9193
  • Locked
  • Question
Use MFC class in C++/CLI
Replies
5
Views
89
macleod1021
macleod1021

Part and Inventory Search

Sponsor

Back
Top