Warning when using gets() function in C++

Asked by pepperblue

I wrote this program to test C++.

*********************************************************
#include<iostream>
#include<string>

using namespace std;

class stud {
 private:
 int rno;
 char name[20];
 public:
 void getdet() {
  cout<<"Enter your roll number: ";
  cin>>rno;
  cout<<"\nEnter your name: ";
  gets(name);
 }
 void putdet() {
  cout<<"Roll number: "<<rno;
  cout<<"\nName: "<<name;
 }
};

int main() {
 //system(clean);
 stud s;
 s.getdet();
 s.putdet();
}
****************************************************
 But it gave a warning: i.cpp:(.text._ZN4stud6getdetEv[stud::getdet()]+0x4b): warning: the `gets' function is dangerous and should not be used.
What does it mean?

Question information

Language: English
Status: Solved
For: Ubuntu gcc-4.2
Assignee: No assignee
Solved by: Federico Vera
pepperblue (ayashif) said :
#1

And also, what are the header files available for C++ in Ubuntu? I can't use 'stdio.h'

Steven Sroka (lin-unix) said :
#2

The equivalent to "stdio.h" is "cstdio"

cplusplus.com has the most and best information about C++ and things like header files [though that's my opinion :)] Try googling cplusplus.com + whatever you want to know about.

"gets" is an extremely dangerous function that you should not use. It was the basis of many malicious programs written in the 80's. It is no longer viable, but it will never be removed from "stdio.h" or "cstdio" because it provides backwards compatibility for older programs.

You should use any of the functions listed here: scanf, sscanf, fscanf, fgets (my favourite!), vscanf (not usually needed). If anyone out there wants to add to the list they can because I don't know ALL the ways to accept input :)

If you would like an explanation of how to use any of these functions I'll be happy to help.

Best Federico Vera (fedevera) said :
#3

That warning means that you should not use gets() to read the string from your keyboard. Managing char pointers in C/C++ is not recommended for security reasons (gets() can't know the char length so this could end in a buffer overflow). If you are just making that code to practice or something of that sort, you can just ignore that warning. If not, you could use fgets() instead.

Here's the link for the reference manual http://www.cplusplus.com/reference/clibrary/cstdio/fgets/

If you want it summarized =P you must change this line:

gets(name);

for this one:

fgets(name, 20, stdin);

As you see, the first argument is the name of the array, the second one is the array's length and the third one is the stream.
Note that fgets() and gets() are NOT equivalent functions; you should read the reference to make it clearer.

Hope it helps!
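
An added example (not part of the original answers) showing the two differences that matter when swapping gets() for fgets(): fgets() keeps the trailing newline, and an over-long line is cut off with the remainder left in the stream. The names read_line, ReadResult and make_input are hypothetical helpers, and the input is constructed sample data.

```cpp
#include <cstdio>
#include <cstring>

enum ReadResult { READ_OK, READ_TRUNCATED, READ_EOF };

// Read one line into buf[size] without ever writing past the array.
// Unlike gets(), fgets() is told the size; unlike gets(), it keeps the '\n'.
ReadResult read_line(char *buf, std::size_t size, std::FILE *in) {
    if (size == 0) return READ_EOF;
    if (std::fgets(buf, static_cast<int>(size), in) == nullptr) {
        buf[0] = '\0';                      // nothing read: leave an empty string
        return READ_EOF;
    }
    std::size_t len = std::strcspn(buf, "\n");
    if (buf[len] == '\n') {                 // whole line fit: drop the newline
        buf[len] = '\0';
        return READ_OK;
    }
    // No newline stored: input ended, or the line was longer than the buffer.
    // Discard the rest so it is not mistaken for the next line.
    bool dropped = false;
    for (int c; (c = std::fgetc(in)) != EOF && c != '\n'; )
        dropped = true;
    return dropped ? READ_TRUNCATED : READ_OK;
}

// Constructed sample input, written to a temporary file so the demo is repeatable.
std::FILE *make_input(const char *text) {
    std::FILE *f = std::tmpfile();
    if (f != nullptr) { std::fputs(text, f); std::rewind(f); }
    return f;
}

int main() {
    char name[20];                          // same size as stud::name on the page
    std::FILE *in = make_input("ABCDEFGHIJKLMNOPQRSTUVWXYZ\nBob\n");
    if (in == nullptr) return 1;
    ReadResult r;
    while ((r = read_line(name, sizeof name, in)) != READ_EOF)
        std::printf("%-19s %s\n", name, r == READ_TRUNCATED ? "(truncated)" : "(ok)");
    std::fclose(in);
    return 0;
}
```

In the original program the call would be read_line(name, sizeof name, stdin) in place of gets(name).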

pepperblue (ayashif) said :
#4

Thanks Federico Vera, that solved my question.