MPD78
12-08-2009, 02:09 PM
Hello all,
I have been using the gets() function in combination with the printf() function to obtain input from the user. This made the checking of acceptable input data relatively easy; however, I was reading in Bjarne Stroustrup's book, "Programming Principles and Practice Using C++" that the gets() function should never be used. He states the following:
"Together with its close cousin scanf("%s"), gets() used to be the root cause of about a quarter of all successful hacking attempts. It is still a major security problem."
"Thus, gets() almost certainly leads to memory corruption (of the bytes after the buffer), and memory corruption is a major tool of crackers."
I write small programs (500 - 2000 lines of code) for my own use to aid in the design of process equipment. I am not concerned about security breaches. The memory corruption is not something I totally understand. I have been using these programs for some time without any problems.
So my questions are:
Should I remove all of the gets() functions and use getline()?
Are my programs so small that the editorial above does not even apply?
Has anyone encountered memory corruption?
Thanks
Matt
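The "bytes after the buffer" from the quoted passage, and a bounded read that leaves them alone, as an added example that is not part of the original post. gets() takes no size argument, so it cannot stop at the end of the buffer; this sketch uses fgets() instead, and the names read_line, record and guard_survives are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Return codes (names are this example's own). */
enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = -1 };

/* Bounded stand-in for gets(buf): writes at most `size` bytes into buf,
   strips the newline, and discards whatever part of the line did not fit. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;                 /* end of input or read error */

    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {              /* the whole line fit */
        buf[len] = '\0';
        return LINE_OK;
    }
    /* No newline stored: drain the rest of the line so the next call
       starts on a fresh line instead of on the leftover characters. */
    int c, dropped = 0;
    while ((c = getc(in)) != '\n' && c != EOF)
        dropped = 1;
    return dropped ? LINE_TOO_LONG : LINE_OK;
}

/* "The bytes after the buffer": guard is declared right after name. */
struct record { char name[8]; int guard; };

/* Push a constructed line through read_line() and report whether it was
   truncated to 7 characters with guard untouched (1), or not (0). */
int guard_survives(const char *line)
{
    struct record r = { "", 12345 };
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(line, f);
    rewind(f);
    int rc = read_line(f, r.name, sizeof r.name);
    fclose(f);
    return rc == LINE_TOO_LONG && strlen(r.name) == 7 && r.guard == 12345;
}

int main(void)
{
    printf("30-character line into name[8]: %s\n",
           guard_survives("012345678901234567890123456789\n") == 1
               ? "truncated, guard intact" : "unexpected");
    return 0;
}
```

With gets() in place of read_line(), the same 30-character line would be written past name[7] into whatever memory follows it, which is undefined behaviour whatever the size of the program.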