Static Analysis Problem Type Reference
The C library `gets` function is inherently unsafe and should never be used.
`gets` reads characters until a newline with no bound on how many it writes, so there is nothing to prevent input from exceeding the size of the destination buffer. The `fgets` function, which takes the buffer size as an argument, is a good safe equivalent.
| ID | Code Location | Description |
|---|---|---|
| 1 | Call site | The place where the function was called |
```c
#include <stdio.h>

char buffer[256];

/* Deliberately unsafe: this is the pattern the problem type flags.
   gets() stores every character of the line plus a terminating NUL, so a
   line of 256 or more characters overwrites memory past the end of buffer.
   gets() was removed from the C standard in C11 for exactly this reason.
   The safe replacement is: return fgets(buffer, sizeof(buffer), stdin); */
char *get_a_line(void)
{
    return gets(buffer);   /* call site reported by the analyzer */
}
```
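The `fgets` replacement recommended above has two edge cases that a drop-in rewrite tends to miss: `fgets` keeps the trailing newline, and when a line is longer than the buffer it returns only the part that fits and leaves the remainder in the stream for the next call. The following is an added example, not code from the page: `read_line`, the `LINE_*` status values and the `fmemopen`-based constructed sample are assumptions made here to show a bounded reader that never writes past the buffer, strips the newline, and reports and drains over-long lines so the caller can treat truncation as an error rather than silently processing a fragment.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() used by the constructed sample */
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = 2 };

/* Bounded replacement for gets(): reads one line from `in` into buf[size],
   never writing beyond the buffer. The trailing newline is removed. If the
   line did not fit, the rest of it is discarded so the next call starts at
   the next line, and LINE_TRUNCATED is returned instead of a silent fragment. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0)
        return LINE_EOF;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline in the buffer: either the final line has none (EOF), the
       line exactly filled the buffer, or it was too long. Peek to decide. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;
    while (c != '\n' && c != EOF)   /* drain the over-long remainder */
        c = fgetc(in);
    return LINE_TRUNCATED;
}

/* Hardened equivalent of the page's get_a_line(): same 256-byte buffer,
   but the size is passed through, so input length is bounded. Returns NULL
   at end of input; a truncated line is still returned, with the status
   available to callers that use read_line() directly. */
char safe_buffer[256];
char *get_a_line_safe(void)
{
    return read_line(stdin, safe_buffer, sizeof safe_buffer) == LINE_EOF
               ? NULL : safe_buffer;
}

/* Constructed sample input (not from the page): a short line, a 300-character
   line that cannot fit in a 16-byte buffer, and a last line with no newline. */
static char sample[320];
FILE *open_constructed_sample(void)
{
    char *p = sample;
    memcpy(p, "short\n", 6);  p += 6;
    memset(p, 'A', 300);      p += 300;
    *p++ = '\n';
    memcpy(p, "tail", 4);     p += 4;
    return fmemopen(sample, (size_t)(p - sample), "r");
}

int main(void)
{
    char buf[16];
    FILE *f = open_constructed_sample();
    if (f == NULL)
        return 1;
    enum line_status st;
    while ((st = read_line(f, buf, sizeof buf)) != LINE_EOF)
        printf("%s: \"%s\"\n", st == LINE_TRUNCATED ? "truncated" : "ok", buf);
    fclose(f);
    return 0;
}
```

Run against the constructed sample this prints the short line and the final line as `ok` and the 300-character line as `truncated` with only its first 15 characters, while the 300-byte line never touches memory outside `buf`; a line that exactly fills the buffer followed by a newline is reported as `ok`, not `truncated`.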