gets() function throw exception? [duplicate] - c

This question already has answers here:
Why is the gets function so dangerous that it should not be used?
(13 answers)
Closed 4 years ago.
void getInputWith_gets()
{
char firstName[5];
char lastName[5];
printf("Enter your first name: ");
gets(firstName);
printf("Enter your last name: ");
gets(lastName);
printf("Hello, %s, %s\n", firstName, lastName);
}
int main(int argc, char **argv)
{
getInputWith_gets();
//getInputWith_fgets();
system("pause");
return 0;
}
I am using MS Visual Studio 2017, I know the restriction of using the "gets()" function that I have a maximum of 5 chars to be entered but if I entered exactly 5 characters, the console prints correctly(and doesn't print "press any key to continue... due to "system("pause") statment") but the program get stuck at the debugger screen and after the last "printf" statement I get a a red error symbol with a pop-up saying:
"Run-Time Check Failure #2 - Stack around the variable 'lastName' was corrupted."
does this means that the "gets()" function will read 5 exclusive characters only?

You have multiple bugs here:
In ancient, obsolete C where gets existed, you must #include <stdio.h> or otherwise you might get weird run-time behavior, since ancient obsolete C allowed functions with no prototype.
In modern and semi-modern C, the function gets is removed/flagged obsolete and should never be used. See Why is the gets function so dangerous that it should not be used? and also What are the functions from the standard library that must/should be avoided?.
Strings in C are null terminated, meaning you have to leave room for the null terminator.
Also note that the function format void getInputWith_gets() is obsolete style, you should be writing void getInputWith_gets(void).
Overall, it seems you are learning C from a completely outdated source (over 20 years outdated).

Related

Why string[10] containing more 10 character in c? [duplicate]

This question already has answers here:
Char array can hold more than expected
(3 answers)
Why is the gets function so dangerous that it should not be used?
(13 answers)
Closed 28 days ago.
I'm taking array of character size of 10 , but in return it gives me out-range array(10+) string, YOU CAN REFER TO MY CODE
#include<stdio.h>
int main(){
char name[10]; `array of 10 Character`
gets(name); `INPUT: THIS IS BEAUTIFUL WORLD!`
printf("Given string %s", name); `it should print only 10 string in c`
` OUTPUT : Given string THIS IS BEAUTIFUL WORLD! `
return 0;
}
https://en.cppreference.com/w/c/io/gets
char *gets( char *str );
The gets() function does not perform bounds checking, therefore this function is extremely vulnerable to buffer-overflow attacks. It cannot be used safely (unless the program runs in an environment which restricts what can appear on stdin). For this reason, the function has been deprecated in the third corrigendum to the C99 standard and removed altogether in the C11 standard. fgets() and gets_s() are the recommended replacements.

sscanf - using same variable multiple times [duplicate]

This question already has answers here:
Is scanf("%d%d", &x, &x) well defined?
(3 answers)
Closed 4 years ago.
I'm trying to handle user input for 2 following commands:
quit
open <n>
where is an integer.
Right now, my solution is the following:
char input_string[10];
int n;
int trail_index;
//<user input here>
sscanf(input_string, "%s%n %d%n", command, &trail_index, &n, &trail_index);
The trail_index is assigned correctly for me (4 in case of quit command, 6 in case of "open 1"), but since the program may be used with different compilers and platforms, the question is: is the behavior of sscanf guaranteed to work this way when you use the same variable multiple times, or is this undefined behavior that just happens to work for Visual C?
From this scanf (and family) reference
There is a sequence point after the action of each conversion specifier; this permits storing multiple fields in the same "sink" variable.
So this is indeed well-defined behavior and allowed.

C - runtime error while printing string(using a pointer) [duplicate]

This question already has answers here:
Segmentation fault with scanf and strings in C
(3 answers)
Closed 5 years ago.
I have a problem with a simple C program and i need your help.I declare a string, using a pointer.Using scanf I give it a value from stdin.Later I try printing this string.It all compiles well,but when i run the program, it accepts my string,and when it gets to printing, i recieve a run-time error with return value 3221225477.
Where is the problem here?
I'm using DEV C++ IDE btw.
Note: I also tried doing the same on ideone.com online compiler and it doesn't give a runtime error,but instead of string given in stdin, it prints (null).
Here is the code:
#include <stdio.h>
int main(void)
{
char *string;
scanf("%s", string);
printf("Hello,%s !", string);
return 0;
}
You need to allocate space for the variable string.
For example:
char *string;
int i;
scanf("%d", &i);
string = (char*)malloc(sizeof(char)*i);
And then you can read from input and print the string

program to find length of a string [duplicate]

This question already has answers here:
Program didn't crash when buffer overflow
(2 answers)
Closed 6 years ago.
If I input string of more than size 10 then why is not generating compile time error as I have declared str of size 10? For example I have input welcome to the world, then it is compiling and running with no error.
#include <stdio.h>
#include <conio.h>
int main() {
int i = 0, length;
char str[10];
printf("enter string: ");
gets(str);
while (str[i] !='\0') {
i = i + 1;
}
length = i;
printf("the length of string is %d", length);
}
An input string is a runtime entity. Any computation involving it cannot be performed at compile time, so the best you can do is raise a runtime error.
Furthermore, gets is marked deprecated in C99 and simply removed from C11 because exactly this insecure behavior cannot be prevented: without anyone complaining, you can write beyond array bounds, which is undefined behavior. Use fgets instead, which provides a higher level of security.
Because gets does not take a length parameter it does not know how large your input buffer is.
you can use fgets instead
It is a undefined behaviour. Anything can happen.
Never use gets() because it does not prevent buffer overflowing which is what your program is doing. Use fgets() instead of gets().
fgets() prevent the size of array beyond that.
fgets(array, sizeOfArray, stdin);
Because you defined the string length as 10, so if the value increases the program stops executing, moreover you have not made handling error mechanism for the code. So resulting the following error you mentioned. Use fgets

Is the gets() string function in C considered a bad practice? [duplicate]

This question already has answers here:
Why is the gets function so dangerous that it should not be used?
(13 answers)
Closed 6 years ago.
was reading the Head first C book and stumbled across the author saying gets() to be a bad practice
gets() is a function that’s
been around for a long time.
But all you really need to know
is that you really shouldn’t
use it.
why is it considered a bad practice?
Consider
#include<stdio.h>
int main()
{
char buffer[100];
gets(buffer);
printf("The input is %s",buffer);
}
When user types input of length within 99 then there is no problem. But when user types more than 99 characters it tries to write into memory it doesn't own.
The worst thing is it causes abnormal behaviour and the program terminates without any information which leaves user baffled about the current situation
An alternative way is to use char *fgets(char *s, int size, FILE *stream); function
Update: As pointed by #pmg : gets() removes newline while fgets() retains the new line
gets is prone to buffer overruns (i.e. memory corruption etc).
fgets over comes this by having passing in the size of the buffer

Resources