C – scanf() vs gets() vs fgets()

by

  • Never use gets. It offers no protections against a buffer overflow vulnerability (that is, you cannot tell it how big the buffer you pass to it is, so it cannot prevent a user from entering a line larger than the buffer and clobbering memory).

  • Avoid using scanf. If not used carefully, it can have the same buffer overflow problems as gets. Even ignoring that, it has other problems that make it hard to use correctly.

  • Generally you should use fgets instead, although it’s sometimes inconvenient (you have to strip the newline, you must determine a buffer size ahead of time, and then you must figure out what to do with lines that are too long–do you keep the part you read and discard the excess, discard the whole thing, dynamically grow the buffer and try again, etc.). There are some non-standard functions available that do this dynamic allocation for you (e.g. getline on POSIX systems, Chuck Falconer’s public domain ggets function). Note that ggets has gets-like semantics in that it strips a trailing newline for you.

More Related Contents:

  1. Why is the gets function so dangerous that it should not be used?
  2. fgets doesn’t work after scanf [duplicate]
  3. fgets instructions gets skipped.Why?
  4. Input in C. Scanf before gets. Problem
  5. Program doesn’t execute gets() after scanf(), even using fflush(stdin)
  6. Why is the gets function so dangerous that it should not be used?
  7. How do the puts and gets functions work?
  8. Difference between scanf() and fgets()
  9. decimal of numbers in c
  10. C program goes into infinite loop with scanf [duplicate]
  11. Why is scanf() causing infinite loop in this code?
  12. What can I use for input conversion instead of scanf?
  13. Simple C scanf does not work? [duplicate]
  14. scanf Getting Skipped [duplicate]
  15. Why does reading into a string buffer with scanf work both with and without the ampersand (&)?
  16. C skipping one command of a function? [duplicate]
  17. abnormal behavior of scanf [duplicate]
  18. using scanf(“%d “) with a space after the %d
  19. Difference between scanf and scanf_s
  20. Read no more than size of string with scanf()
  21. Why does scanf fail with floats?
  22. How do we test the return values from the scanf() function?
  23. Disable warning: the `gets’ function is dangerous in GCC through header files?
  24. Whitespace before %c specification in the format specifier of scanf function in C
  25. How to read from input until newline is found using scanf()?
  26. using scanf function with pointers to character
  27. Wrong format specifiers in scanf (or) printf
  28. C: How can I make it so scanf() input has one of two formats?
  29. How to fgets() a specific line from a file in C?
  30. What is the difference between %f and %lf in C?

Leave a Comment