Gets

Here is a discussion about the gets() function and its relationship to formatted and
unformatted input, drawing on external information. The provided sources do not discuss
these functions.

gets() function and Unformatted Input

In C, the gets() function was used to read a line of text from the standard input (typically
the keyboard) and store it in a character array. It was considered an "unformatted" input
function because it didn't interpret or convert the input data based on format specifiers. It
simply read a stream of characters until a newline character (\n) was encountered, replacing
the newline character with a null terminator (\0) to create a valid C-style string.

However, gets() is known to be extremely dangerous and prone to buffer overflow
vulnerabilities. A buffer overflow happens when more data is read than the buffer (character
array) can hold. Since gets() doesn't check the size of the buffer, it can overwrite memory
beyond the allocated space, leading to unpredictable program behavior, crashes, or even
security exploits.

Example:

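char buffer[10];   /* room for 9 characters plus the terminating '\0' */
gets(buffer);      /* no size argument: input length is never checked */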

If the user inputs more than 9 characters, gets() will continue to write those characters
beyond the allocated space for buffer, potentially corrupting other parts of the program's
memory.

Formatted Input Functions and Safer Alternatives

scanf(), a formatted input function, and fgets(), a length-limited unformatted one, provide
safer ways to read input. scanf() interprets the input based on format specifiers, and both
can limit the amount of data read.

• scanf(): Reads input based on format specifiers (e.g., %d for integers, %s for strings).
While scanf() can be vulnerable to buffer overflows if not used carefully, it provides
some control over the input data type and length.
• fgets(): This is the recommended alternative to gets(). It reads a line of text from a
specified stream (e.g., stdin for standard input) and stores it in a buffer. Importantly,
fgets() takes an argument specifying the maximum number of characters to read,
preventing buffer overflows.

Example using fgets():

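char buffer[100];                       /* 99 characters plus the terminating '\0' */
fgets(buffer, sizeof(buffer), stdin);   /* reads at most sizeof(buffer) - 1 characters */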

This code reads a line from standard input into the buffer, but it limits the input to a
maximum of 99 characters, leaving space for the null terminator.
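
An added example (not from the original document): a wrapper around fgets() that drops the newline the way gets() did, and that reports and discards input that does not fit instead of leaving it for the next read. The names read_line and line_status are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this illustration; not part of the C library. */
enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/*
 * Read one line from `in` into buf[size] without ever writing past it.
 * The newline is dropped, as gets() did. If the line does not fit, the
 * excess is discarded so it cannot be mistaken for the next line.
 */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (buf == NULL || size < 2 || size > INT_MAX)
        return LINE_EOF;                 /* unusable buffer */
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;                 /* end of input or read error */
    }

    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {              /* whole line fit, newline stored */
        buf[len] = '\0';
        return LINE_OK;
    }
    if (len < size - 1)
        return LINE_OK;                  /* last line, input ended without '\n' */

    /* Buffer is full and no newline was stored: consume the rest of the line. */
    int c, extra = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        extra = 1;
    return extra ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char buffer[10];                     /* same size as the gets() example */
    enum line_status st;

    while ((st = read_line(stdin, buffer, sizeof buffer)) != LINE_EOF)
        printf("%s: \"%s\"\n", st == LINE_OK ? "ok" : "truncated", buffer);
    return 0;
}
```

A line of exactly 9 characters fills the 10-byte buffer and is still reported as complete; only input beyond that is flagged as truncated.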

Why gets() is Deprecated


Due to its inherent security risks, the gets() function has been officially removed from the C
standard library (since C11). Using gets() is strongly discouraged.

Summary

Function   Input Type    Buffer Overflow Protection   Recommended
gets()     Unformatted   No                           No
scanf()    Formatted     Limited                      Use Cautiously
fgets()    Unformatted   Yes                          Yes

This information is provided based on general C programming knowledge and may need to
be verified independently as it is not included in the provided source materials.
