Why is gets() more dangerous than scanf()?

It seems to me that both have the potential for buffer overflows. However, I am advised never to use gets(), but it is still recommended to use scanf().

Is it just because of the formatting arguments allowed in scanf(), or is there another reason?

+5
6 answers

The function gets is not protected from buffer overflow.

Using the format string, with scanf you can determine the maximum length of the string to read from standard input and save in the memory buffer. For example, with scanf("%10s\n", str); no more than 10 characters are read. The buffer str must be 11 bytes in order to hold the terminating NULL character.

, scanf, gets, fgets.

+8
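The width-limited %10s read described in the answer above, next to a line reader built on fgets, as an added example that is not part of the original answer. The names read_token, read_line and sample_input and the input text are constructed for the illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 10 /* must match the width in "%10s" below */

/* Read one whitespace-delimited token of at most FIELD_MAX characters.
 * The width excludes the terminator, so dst needs FIELD_MAX + 1 bytes.
 * Returns 1 on success, 0 on EOF or matching failure. */
int read_token(FILE *in, char dst[FIELD_MAX + 1])
{
    return fscanf(in, "%10s", dst) == 1;
}

/* Read one line with fgets, which is given the buffer size directly.
 * Returns 1 for a complete line, 0 if it was truncated (the excess is
 * discarded), -1 on EOF or error. */
int read_line(FILE *in, char *dst, size_t size)
{
    if (size < 2 || size > INT_MAX || fgets(dst, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 1;
    }
    int c = getc(in);
    if (c == EOF || c == '\n')
        return 1; /* the line fit exactly; only its end was left unread */
    while ((c = getc(in)) != EOF && c != '\n')
        ;
    return 0;
}

/* Constructed input for the demo: text placed in a temporary file. */
static FILE *sample_input(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    char tok[FIELD_MAX + 1], line[8];
    FILE *f = sample_input("AAAAAAAAAAAAAAAAAAAAAAAA rest of a long line\n");
    if (f == NULL || !read_token(f, tok)) return 1;
    printf("token=%s status=%d\n", tok, read_line(f, line, sizeof line));
    return fclose(f);
}
```

Input beyond the width is not dropped by scanf: it stays in the stream and is returned by the next read, which is why read_line reports truncation and discards the remainder of the line.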

, , gets() . , gets() ( C11). , scanf() . , scanf() .

, fgets(), .

+2

. fgets , .

+1

gets . scanf .

, C?

+1

- scanf().

Google "scanf security" ~ 212k. Wikipedia, ,

%s .

, scanf . gets , scanf , gets - .

+1

gets() . , . gets() . , , gets() . - , . , . , , , execv(), . . gets() .

+1