为什么变得功能非常危险的，它不应该被使用？ [英] Why is the gets function so dangerous that it should not be used?

问题描述

当我尝试编译C code，它使用了获得函数中，我得到一个警告：警告：该得到的功能是很危险的并且不应当被使用。

When I try to compile C code that uses the gets function, I get a warning: warning: the gets function is dangerous and should not be used.

我记得这事做与堆栈保护和安全，但我不知道确切原因。有人可以帮我删除该警告，并解释为什么会出现这样的警告？如果获得是这样的危险，那么我们为什么不能删除它？

I remember this has something to do with stack protection and security, but I'm not sure exactly why. Can someone help me with removing this warning and explain why there is such a warning? If gets is so "dangerous" then why can't we remove it?

推荐答案

为了使用获得安全，你必须知道你会到底有多少字符阅读，这样就可以让你的缓冲区足够大。你只知道，如果你确切地知道你会被读取的数据。

In order to use gets safely, you have to know exactly how many characters you will be reading, so that you can make your buffer large enough. You will only know that if you know exactly what data you will be reading.

而不是使用被，您要使用的 与fgets ，其中有签字

Instead of using gets, you want to use fgets, which has the signature

char* fgets(char *string, int length, FILE * stream);

（与fgets ，如果它读取整条生产线，将字符串中离开的'\\ n';你必须面对这一切。）

(fgets, if it reads an entire line, will leave the '\n' in the string; you'll have to deal with that.)

它仍然语言达1999 ISO C标准的正式组成部分，但
它被正式通过了2011年标准中删除。大多数C实现仍然支持它，但至少gcc的问题，为使用它的任何code警告。

It remained an official part of the language up to the 1999 ISO C standard, but it was officially removed by the 2011 standard. Most C implementations still support it, but at least gcc issues a warning for any code that uses it.

这篇关于为什么变得功能非常危险的，它不应该被使用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！