Re: FTBFS if "-Werror=format-security" flag is used

On 09/12/13 23:01, Les Howell wrote:

> unless something has changed recently fputs and puts just like gets and
> fgets have been deprecated and are discouraged due to potential security
> issues.

Nonsense.

The reason gets is dangerous is because it doesn't take a buffer size so will continue reading until it sees a newline even if it has long since overflowed the buffer - there is literally no way to use it safely unless you can guarantee the maximum length of a line in the input stream.

That does not apply to fgets, which takes a buffer length and is therefore safe as it will not overflow the buffer.

It also doesn't apply to puts or fputs, which are output routines so read from the buffer rather than writing to it, stopping at a nul.

Tom

--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
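
The bounded-read behaviour of fgets described in the message above, as an added example that is not part of the original post. The names read_line, line_status, slot and demo are hypothetical, and the input text is constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_EOF, LINE_OK, LINE_TRUNCATED };

/* Read one line into buf[size]. fgets stores at most size-1 bytes plus a
 * NUL, so buf cannot overflow however long the input line is. The excess
 * of an over-long line is discarded so the next call starts on a new line. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    size_t len, dropped = 0;
    int c;
    if (fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';               /* the whole line fit */
        return LINE_OK;
    }
    while ((c = fgetc(in)) != EOF && c != '\n')
        dropped++;                         /* bytes that did not fit */
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Guard bytes sit directly after the buffer so an overflow would show. */
struct slot { char buf[8]; char guard[4]; };

/* Run constructed input through read_line.
 * Returns the number of lines read, or -1 if no temp file is available. */
int demo(struct slot out[3], enum line_status st[3])
{
    FILE *f = tmpfile();
    int n;
    if (f == NULL)
        return -1;
    fputs("short\nthis line is far longer than eight bytes\nlast", f);
    rewind(f);
    for (n = 0; n < 3; n++) {
        memcpy(out[n].guard, "GRD", 4);
        st[n] = read_line(f, out[n].buf, sizeof out[n].buf);
        if (st[n] == LINE_EOF)
            break;
    }
    fclose(f);
    return n;
}

int main(void)
{
    struct slot s[3];
    enum line_status st[3];
    int i, n = demo(s, st);
    for (i = 0; i < n; i++) {
        fputs(s[i].buf, stdout);           /* output only: reads buf up to its NUL */
        fputs(st[i] == LINE_TRUNCATED ? " [truncated]\n" : "\n", stdout);
    }
    return n == 3 ? 0 : 1;
}
```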




