On Friday 09 August 2024 14:36:26 Martin Storsjö wrote:
> On Sun, 4 Aug 2024, Pali Rohár wrote:
>
> > On Wednesday 31 July 2024 00:13:24 LIU Hao wrote:
> > > On 2024-07-29 02:58, Pali Rohár wrote:
> > > > ssp/gets_chk.c: In function ‘__gets_chk’:
> > > > ssp/gets_chk.c:20:12: warning: call to ‘gets’ declared with attribute
> > > > warning: Using gets() is always unsafe - use fgets() instead
> > > > return gets(dst);
> > >
> > > These can be replaced with `abort()`.
> >
> > This __gets_chk() function is calling gets() just because it is
> > dynamically allocating a temporary buffer into which it reads stdin and then,
> > after validation, it transfers the content of the temporary buffer into the
> > final output buffer.
>
> No, it's calling gets() just in a special case, where the bufsize seems to
> be near-infinite.
>
> (I'm not quite sure of the reasoning here - it may be that the compiler
> passes INT_MAX as size, when the buffer size really isn't known. I don't
> exactly remember why I added that condition - I did browse other
> implementations of these functions from elsewhere; it seems like this one is
> primarily inspired by GCC's libssp __gets_chk, which has a similar initial
> condition.)
>
> > What about reading stdin directly into the final output buffer? And
> > completely get rid of those repeated gets() calls and dynamic allocation
> > of the temporary buffer?
>
> I don't see any repeated gets()? There's one special case for >= INT_MAX,
> and one default codepath which uses one single fgets.
I mean that the code has different executable branches and each has its own
explicit gets() call. So every presence of gets() triggers one compile
warning. If there is just one gets() call in the whole function, then there
will be only one compile warning.

> > Now I have played with this and I think it could be possible via scanf()
> > with a safe format with upper bound checks: "%<size>[^\n]%n%c"
> >
> >
> > Martin, I see that you wrote this __gets_chk() function. What do you
> > think about it?
>
> I do not see this as any simpler than what we have right now, to be honest.

I just thought that it could be a good idea to avoid dynamic allocation. So
I tried to prepare something. Anyway, there is MSVC gets_s() which could be
used to implement __gets_chk().

> I think it might be possible to adjust the implementation to just use one
> fgets() straight into the destination buffer, with some manual checking with
> fgetc() at the end to see if it really was the end of the line or not.

This has a race condition (between calling fgets() and fgetc()) for
multithreaded programs. In my sample I tried to avoid it.

> But in my opinion, this is really a quite special function. Nobody
> practically should be using it, so performance is not really important, the
> most important is to make sure that the function is correct, and the easier
> it is to see that it is correct, the better.
>
> If there's a warning from the early gets() call, I would maybe suggest
> trying to just silence the warning in that location.
>
> // Martin

That could also work.

_______________________________________________
Mingw-w64-public mailing list
Mingw-w64-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
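The approach Martin sketches above (one fgets() straight into the destination buffer, then a one-byte check to tell an exact-fit line from a truncated one) and Pali's objection (a second thread can read between the two calls) can be shown together in a small bounds-checked gets() replacement. The code below is an added illustration, not the mingw-w64 ssp/gets_chk.c implementation; it assumes the POSIX flockfile()/funlockfile() stream lock to close the race (Windows CRTs expose the same lock under different names), and it reports an overflow as a return value instead of aborting so the behaviour can be checked. The enum, function names and the in-memory sample inputs are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for flockfile(), funlockfile(), fmemopen() */
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Outcome of a bounds-checked gets()-style read. A real __gets_chk would abort
 * on GETS_OVERFLOW; here it is reported so the behaviour can be tested. */
enum gets_result { GETS_OK, GETS_EOF, GETS_OVERFLOW };

/* Read one line from `stream` straight into dst[size] with gets() semantics: the
 * newline is consumed but not stored, and no temporary buffer is allocated.
 * The stream lock is held across the fgets()+getc() pair so another thread
 * cannot consume bytes between the two calls. Like gets(), a line containing a
 * NUL byte is measured only up to that NUL. */
enum gets_result checked_gets(char *dst, size_t size, FILE *stream)
{
    enum gets_result r;

    if (size == 0)
        return GETS_OVERFLOW;               /* no room even for the terminator */
    if (size > (size_t)INT_MAX)
        size = INT_MAX;                     /* fgets() takes an int */

    flockfile(stream);
    if (fgets(dst, (int)size, stream) == NULL) {
        dst[0] = '\0';
        r = GETS_EOF;                       /* EOF or error before any byte was read */
    } else {
        size_t len = strlen(dst);
        if (len > 0 && dst[len - 1] == '\n') {
            dst[len - 1] = '\0';            /* whole line fit: drop the newline */
            r = GETS_OK;
        } else if (len + 1 < size) {
            r = GETS_OK;                    /* fgets() stopped early, so EOF ended the line */
        } else {
            /* Buffer is full and no newline was seen. Peek one more byte to tell
             * "line exactly fits" from "line continues past the buffer". */
            int c = getc(stream);
            r = (c == EOF || c == '\n') ? GETS_OK : GETS_OVERFLOW;
        }
    }
    funlockfile(stream);
    return r;
}

#define DEMO_BUF 64

/* Demo driver: run checked_gets() over constructed `text` (an in-memory stream)
 * with a buffer of `size` bytes (size <= DEMO_BUF); stores the line in `out` if given. */
static enum gets_result demo_read(const char *text, size_t size, char out[DEMO_BUF])
{
    char buf[DEMO_BUF] = "";
    FILE *f;
    enum gets_result r;

    if (size > DEMO_BUF)
        return GETS_OVERFLOW;
    f = fmemopen((void *)text, strlen(text), "r");
    if (f == NULL)
        return GETS_EOF;                    /* nothing readable, same as an empty stream */
    r = checked_gets(buf, size, f);
    fclose(f);
    if (out != NULL)
        strcpy(out, buf);                   /* buf is always NUL-terminated here */
    return r;
}

/* 1 if reading `text` into a `size`-byte buffer succeeds and yields exactly `expect`. */
static int demo_line_is(const char *text, size_t size, const char *expect)
{
    char out[DEMO_BUF];
    return demo_read(text, size, out) == GETS_OK && strcmp(out, expect) == 0;
}

/* Count how many lines of `text` can be read in a row with a `size`-byte buffer,
 * stopping at EOF or at the first line that does not fit. Shows that an exact-fit
 * line also consumes its newline, so the next read does not see a spurious empty line. */
static int demo_count_lines(const char *text, size_t size)
{
    char buf[DEMO_BUF];
    FILE *f;
    int n = 0;

    if (size > DEMO_BUF)
        return -1;
    f = fmemopen((void *)text, strlen(text), "r");
    if (f == NULL)
        return -1;
    while (checked_gets(buf, size, f) == GETS_OK)
        n++;
    fclose(f);
    return n;
}

/* Stand-alone use: read one line from stdin into a 16-byte buffer. */
int main(void)
{
    char line[16];
    switch (checked_gets(line, sizeof line, stdin)) {
    case GETS_OK:       printf("read: \"%s\"\n", line); return 0;
    case GETS_EOF:      fputs("no input\n", stderr); return 1;
    case GETS_OVERFLOW: fputs("line too long for a 16-byte buffer\n", stderr); return 2;
    }
    return 0;
}
```

The interesting case is a line that is exactly size-1 characters long: fgets() fills the buffer without seeing the newline, and only the extra getc() decides whether the line fits (next byte is '\n' or EOF) or overflows (any other byte). Holding the stream lock across both calls is what keeps that decision consistent when other threads read the same stream.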