是得到（）正式德precated？ [英] Is gets() officially deprecated?

问题描述

一>的C ++ 11，C ++是指ISO / IEC 9899：1999 / Cor.3：2007（E）为C库函数的定义（每§1.2[intro.refs] / 1）

Based on the most recent draft of C++11, C++ refers to ISO/IEC 9899:1999/Cor.3:2007(E) for the definitions of the C library functions (per §1.2[intro.refs]/1).

C99 TC3的，的获取功能已经过时了，而且是德precated。（每§7.26.9/ 2）

Based on the most recent draft of C99 TC3, The gets function is obsolescent, and is deprecated. (per §7.26.9/2)

我可以肯定地说，获得（）是德$ P $在C和C ++ pcated？

Can I safely say that gets() is deprecated in both C and C++?

推荐答案

有什么关系？你所能使用的唯一途径可获得是，如果标准输入被称为是连接到其内容，你有充分的文件掌控。这个条件是几乎不可能满足，特别是在多进程系统中的其他进程可以相对于你的程序异步修改文件。因此，对于所有的实际目的，使用的任何程序可获得是未定义行为（即有可能的输入/供它将有不确定的操作环境），特别是UB其中很可能导致特权妥协，如果你的程序有比数据的提供者更高的权限。

Does it matter? The only way you can ever use gets is if stdin is known to be attached to a file whose contents you have full control over. This condition is almost impossible to satisfy, especially on multiprocess systems where other processes may modify files asynchronously with respect to your program. Therefore, for all practical purposes, any program using gets has undefined behavior (i.e. there are possible inputs/environmental conditions for which it will have undefined behavior), and in particular UB which is likely to lead to privilege compromise if your program has higher privileges than the provider of the data.

编辑：确定，这里有一个安全使用的可获得，大概是唯一一个我能想到的马上...

OK, here's one safe use of gets, about the only one I can think of right off...

if (feof(stdin)) gets(buf);

当然，一些越野车实现（可能包括的glibc ..？）当EOF指标已被设置为一个流甚至允许读取，所以....

Of course some buggy implementations (possibly including glibc..?) permit reads even when the EOF indicator is already set for a stream, so....

这篇关于是得到（）正式德precated？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！