Les Howell wrote:
>> printf("%s", string) is inefficient. In
>> this case, it would be better to use puts/fputs.
>>
>unless something has changed recently fputs and puts just like gets
>and fgets have been deprecated and are discouraged due to potential
>security issues.gets is horribly insecure because it doesn't care how long the buffer it's writing to is. fgets is better because it has a size parameter, but you have to take care to pass the correct size to it. It's more risky than a real array with bounds checking, but it's about as secure as it gets in the standard C library. puts and fputs aren't any more dangerous than any other handling of null-terminated strings. There is definitely no security to be gained by using printf instead of puts or fputs. Björn Persson
signature.asc
Description: PGP signature
-- devel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
