Related Articles

Related Articles

gets() is risky to use!
  • Difficulty Level : Easy
  • Last Updated : 05 Nov, 2020

Consider the below program. 

C

filter_none

edit
close

play_arrow

link
brightness_4
code

void read()
{
   char str[20];
   gets(str);
   printf("%s", str);
   return;
}

chevron_right


The code looks simple, it reads string from standard input and prints the entered string, but it suffers from Buffer Overflow as gets() doesn’t do any array bound testing. gets() keeps on reading until it sees a newline character. 
To avoid Buffer Overflow, fgets() should be used instead of gets() as fgets() makes sure that not more than MAX_LIMIT characters are read.

C

filter_none

edit
close

play_arrow

link
brightness_4
code

#define MAX_LIMIT 20
void read()
{
   char str[MAX_LIMIT];
   fgets(str, MAX_LIMIT, stdin);
   printf("%s", str);
 
   getchar();
   return;
}

chevron_right


NOTE: fgets() stores the ‘\n’ character if it is read, so removing that has to be done explicitly by the programmer. It is hence, generally advised that your str can store at least (MAX_LIMIT + 1) characters if your intention is to keep the newline character. This is done so there is enough space for the null terminating character ‘\0’ to be added at the end of the string.

If keeping the newline character is not intended, then one can simply do the following-

C



filter_none

edit
close

play_arrow

link
brightness_4
code

int len = strlen(str);
 
// Remove the '\n' character and replace it with '\0'
str[len - 1] = '\0';

chevron_right


Please feel free to read more about gets() and fgets() here.

Please write comments if you find anything incorrect in the above article, or you want to share more information about the topic discussed above.

Attention reader! Don’t stop learning now. Get hold of all the important C++ Foundation and STL concepts with the C++ Foundation and STL courses at a student-friendly price and become industry ready.




My Personal Notes arrow_drop_up
Recommended Articles
Page :