Possible Duplicate:
Why is the `gets' function is dangerous? Why should not be used?
J开发者_运维百科ust started a tutorial in socket programming. But I got this error after compiling with gcc. How to overcome this gets dangerous?
In function `main':
tcpserver.c:(.text+0x1f3): warning: the `gets' function is dangerous and should not be used.
This line of code was obtained from internet (http://www.prasannatech.net/2008/07/socket-programming-tutorial.html):
printf("\n Your message (hit q or Q to quit): ");
gets(send_data);
gets()
blindly writes data into the buffer you give it. It neither knows nor cares about the length of the buffer, making it a buffer overflow waiting to happen. If you can, use fgets()
instead.
For (slightly) more on the dangers of gets, see the Linux gets/fgets manpage.
This is a dupe of a question asked previously on stackoverflow. Basically, gets() can be vulnerable to buffer overruns, so the compiler is suggesting you replace it with another method where you explicitly specify the maximum buffer length to read. This sort of warning is increasingly common in compilers to encourage folks to write code that is more secure (buffer overruns are a common source of security vulnerabilities).
Your tutorial code was presumably written before this guidance became common practice.
精彩评论