On Sun, 4 Aug 2024, Pali Rohár wrote:

> On Wednesday 31 July 2024 00:13:24 LIU Hao wrote:
> > On 2024-07-29 02:58, Pali Rohár wrote:
> > > ssp/gets_chk.c: In function ‘__gets_chk’:
> > > ssp/gets_chk.c:20:12: warning: call to ‘gets’ declared with attribute warning:
> > > Using gets() is always unsafe - use fgets() instead
> > >       return gets(dst);
> >
> > These can be replaced with `abort()`.
>
> This __gets_chk() function is calling gets() just because it is
> dynamically allocating a temporary buffer to which it reads stdin and then,
> after validation, it transfers the content of the temporary buffer into the
> final output buffer.

No, it's calling gets() just in a special case, where the bufsize seems to be near-infinite.

(I'm not quite sure of the reasoning here - it may be that the compiler passes INT_MAX as size, when the buffer size really isn't known. I don't exactly remember why I added that condition - I did browse other implementations of these functions from elsewhere; it seems like this one is primarily inspired by GCC's libssp __gets_chk, which has a similar initial condition.)

> What about reading stdin directly into the final output buffer? And
> completely get rid of those repeated gets() calls and the dynamic allocation
> of the temporary buffer?

I don't see any repeated gets()? There's one special case for >= INT_MAX, and one default codepath which uses one single fgets.

> Now I have played with this and I think it could be possible via scanf()
> with a safe format with upper bound checks: "%<size>[^\n]%n%c"
>
> Martin, I see that you wrote this __gets_chk() function. What do you
> think about it?

I do not see this as any simpler than what we have right now, to be honest.

I think it might be possible to adjust the implementation to just use one fgets() straight into the destination buffer, with some manual checking with fgetc() at the end to see if it really was the end of the line or not.

But in my opinion, this is really a quite special function. Practically nobody should be using it, so performance is not really important; the most important thing is to make sure that the function is correct, and the easier it is to see that it is correct, the better.

If there's a warning from the early gets() call, I would maybe suggest trying to just silence the warning in that location.

// Martin

_______________________________________________
Mingw-w64-public mailing list
Mingw-w64-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
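The fgets()-into-the-destination-plus-fgetc()-peek shape that Martin describes above, written out as an added example. This is not mingw-w64's ssp/gets_chk.c and not a patch from anyone in the thread; the function names (checked_gets, gets_or_die, read_line_from_string, check_case), the status enum and the sample input lines are my own, and the real fortified function would abort (via __chk_fail) where this returns GETS_TOO_LONG. The near-infinite-size special case discussed in the thread is simply clamped to INT_MAX here, since fgets() takes an int. Constructed input is fed through tmpfile() so the example runs offline without touching the real stdin.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of one bounds-checked line read. A fortified __gets_chk would
 * call __chk_fail()/abort() where this returns GETS_TOO_LONG; returning a
 * status keeps the core logic testable. (Hypothetical names, not mingw-w64's.) */
enum gets_status {
    GETS_OK = 0,        /* a line, newline stripped, is in dst */
    GETS_EOF = 1,       /* nothing read: gets() would return NULL */
    GETS_TOO_LONG = 2,  /* the line does not fit in dstsize-1 bytes */
    GETS_ERROR = 3      /* read error on the stream */
};

/* Read one line from fp straight into dst (capacity dstsize) with a single
 * fgets(), then use fgetc() to find out whether the line really ended there. */
enum gets_status checked_gets(char *dst, size_t dstsize, FILE *fp)
{
    if (dstsize == 0)
        return GETS_TOO_LONG;           /* not even room for the terminator */
    if (dstsize > (size_t)INT_MAX)
        dstsize = INT_MAX;              /* fgets() takes an int size (simplification) */

    if (fgets(dst, (int)dstsize, fp) == NULL) {
        dst[0] = '\0';
        return ferror(fp) ? GETS_ERROR : GETS_EOF;
    }

    /* Like gets(), this cannot cope with NUL bytes inside the line. */
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';            /* whole line fit; drop the newline */
        return GETS_OK;
    }

    /* No newline seen: either fgets() filled the buffer, or the input ended
     * without a trailing newline. One more byte tells the cases apart. */
    int c = fgetc(fp);
    if (c == EOF) {
        if (len == 0)                   /* only reachable when dstsize == 1 */
            return ferror(fp) ? GETS_ERROR : GETS_EOF;
        return GETS_OK;                 /* unterminated last line, but it fit */
    }
    if (c == '\n')
        return GETS_OK;                 /* line was exactly dstsize-1 bytes */

    /* More characters remain on this line than dst can hold: this is the
     * write past the end of dst that an unchecked gets() would have done. */
    return GETS_TOO_LONG;
}

/* gets()-style wrapper on stdin: returns dst or NULL, and aborts on a line
 * that would have overflowed, as a fortified gets replacement does. */
char *gets_or_die(char *dst, size_t dstsize)
{
    switch (checked_gets(dst, dstsize, stdin)) {
    case GETS_OK:       return dst;
    case GETS_TOO_LONG: abort();
    default:            return NULL;
    }
}

/* Test helper: feed a constructed input string through a temporary file. */
enum gets_status read_line_from_string(const char *input, char *dst, size_t dstsize)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return GETS_ERROR;
    fwrite(input, 1, strlen(input), fp);
    rewind(fp);
    enum gets_status st = checked_gets(dst, dstsize, fp);
    fclose(fp);
    return st;
}

/* Returns 1 when reading `input` into a dstsize-byte buffer yields the
 * expected status and contents and nothing was written past dstsize. */
int check_case(const char *input, size_t dstsize, enum gets_status want,
               const char *want_dst)
{
    char buf[64];
    if (dstsize >= sizeof buf)
        return 0;
    memset(buf, 'X', sizeof buf);       /* canary beyond the declared size */
    enum gets_status st = read_line_from_string(input, buf, dstsize);
    return st == want && strcmp(buf, want_dst) == 0 && buf[dstsize] == 'X';
}

int main(void)
{
    /* Constructed sample lines read into an 8-byte buffer (7 chars + NUL). */
    printf("fits:        %d\n", check_case("hello\n", 8, GETS_OK, "hello"));
    printf("exact fit:   %d\n", check_case("0123456\n", 8, GETS_OK, "0123456"));
    printf("overflow:    %d\n", check_case("01234567\n", 8, GETS_TOO_LONG, "0123456"));
    printf("no newline:  %d\n", check_case("nonl", 8, GETS_OK, "nonl"));
    printf("empty line:  %d\n", check_case("\n", 8, GETS_OK, ""));
    printf("eof:         %d\n", check_case("", 8, GETS_EOF, ""));
    return 0;
}
```

Two caveats a reviewer would raise: the strlen()-based newline check is defeated by NUL bytes in the input, exactly as gets() itself is, and the scanf() variant proposed in the thread ("%<size>[^\n]%n%c") needs separate handling of empty lines, because a `%[` conversion that matches zero characters is a matching failure rather than an empty string.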
