Prevent buffer overflows with gets [duplicate]

Question

This question already has an answer here:

• Why is the gets function so dangerous that it should not be used? 11 answers

The declaration of gets is:

char * gets ( char * str );

Note the glaring omission of a maximum size for str.

cplusplus.com says²:

Notice that gets is quite different from fgets: not only gets uses stdin as source, but it does not include the ending newline character in the resulting string and does not allow to specify a maximum size for str (which can lead to buffer overflows).

And also:

The most recent revision of the C standard (2011) has definitively removed this function from its specification. The function is deprecated in C++ (as of 2011 standard, which follows C99+TC3).

Now, of course, fgets is commonly recommended as a replacement of gets, because its declaration looks like this:

char * fgets ( char * str, int num, FILE * stream );

It DOES take a size parameter. This makes it much safer than gets.

Now since I'm not willing to shell out money to download or buy the C11 standard, can anyone shed some light on the reason for deprecating gets and what it means for future code? Why did it exist in the same place when fgets is safer? And why is it only just now being deprecated?

Answer 1

gets is deprecated because it's unsafe, as what you already quoted, it may cause buffer overflow. For replacement, C11 provides an alternative gets_s with a signature like this:

char *gets_s(char *s, rsize_t n);

Note that C11 still recommends fgets to replace gets.

Whether putting gets in the standard is controversial in the first place, but the Committee decided that gets was useful when the programmer does have adequate control over the input.

Here's the official explanation by the Committee.

Rationale for International Standard - Programming Languages C §7.19.7.7 The gets function:

Because gets does not check for buffer overrun, it is generally unsafe to use when its input is not under the programmer’s control. This has caused some to question whether it should appear in the Standard at all. The Committee decided that gets was useful and convenient in those special circumstances when the programmer does have adequate control over the input, and as longstanding existing practice, it needed a standard specification. In general, however, the preferred function is fgets (see §7.19.7.2).

Answer 2

Now since I'm not willing to shell out money to download or buy the C11 standard, can anyone shed some light on the reason for deprecating gets and what it means for future code?

From C committee in C99 Rationale:

Because gets does not check for buffer overrun, it is generally unsafe to use when its input is not under the programmer’s control. This has caused some to question whether it should appear in the Standard at all. The Committee decided that gets was useful and convenient in those special circumstances when the programmer does have adequate control over the input, and as longstanding existing practice, it needed a standard specification. In general, however, the preferred function is fgets.