if one complains about gets(), why not do the same with scanf(“%s”,…)?

Question

From man gets:

Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters ge

Answer 1

Using gets() is never safe. scanf() can be used safely, as you said in your question. However, determining if you're using it safely is a more difficult problem for the compiler to work out (e.g. if you're calling scanf() in a function where you pass in the buffer and a character count as arguments, it won't be able to tell); in that case, it has to assume that you know what you're doing.