0

I wrote some simple code (part of it below) and used splint to check for any warnings. But Splint is complaining. What might be the issue I am missing?

Splint Warning

malloctest.c:24:3: Return value (type char *) ignored: gets(p)
  Result returned by function call is not used. If this is intended, can cast
  result to (void) to eliminate message. (Use -retvalother to inhibit warning)

Code part

p = (char*)malloc(BUFFER*sizeof(char));

if(p==NULL)
{
    printf("the memory could not be allocated");
}
else
{
    gets(p);  //line 24
    printf("the name entered is \n%s\n",p);
}

Thanks in Advance!

Shash

3 Answers

3

gets() returns a char* to indicate success or failure, which the code is ignoring hence the warning.

However, with gets() there is no way to prevent buffer overrun. Instead, you can use scanf() with "%Ns" format specifier (or fgets() if the string can contain spaces):

if (1 == scanf("%9s", p)) /* if BUFFER(_SIZE ?) was 10.
                             The 'N' in the format specifier
                             must be 1 less than size of
                             the buffer to allow for null
                             terminator. */
{
}
hmjd
1

You should avoid using gets(), always!

gets() is a very unsafe function because it doesn't check the length of the buffer and this could lead to a potential buffer overflow.

#include <stdio.h>
int main(void) {
  char buffer[10];
  gets(buffer);
  puts(buffer);
  return 0;
}

If you for example input 0123456789 10 11 12 13 then you have a big problem.

It is better to use fgets() instead:

#include <stdio.h>
int main(void) {
  char buffer[10];
  /* fgets() returns NULL on end-of-file or error; buffer is not valid then */
  if (fgets(buffer, sizeof buffer, stdin) != NULL)
    puts(buffer);
  return 0;
}
Pablo
  • Don't forget that C11 has [gets_s](http://en.cppreference.com/w/c/io/gets) as a replacement. –  Sep 28 '12 at 09:32
  • And when will C11 ever be supported? AFAIK C99 is still not widely supported by all major C compilers (unless I'm very much mistaken). I find `fgets` more elegant anyway. – Pablo Sep 28 '12 at 18:19
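
An added example, not code from any of the answers: a bounded replacement for gets() built on fgets() that uses the return value splint complained about, strips the newline, and tells the caller when a line was too long. The name read_line and the LINE_* codes are assumptions made for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Result codes for read_line(); hypothetical names chosen for this example. */
enum { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/*
 * Read one line from `in` into buf, which holds `size` bytes including the
 * terminating NUL. Never writes past buf, strips the newline, and reports
 * end-of-input and over-long lines through the return value.
 */
int read_line(char *buf, size_t size, FILE *in)
{
    size_t len;
    int c;

    /* Bad arguments are reported the same way as a failed read. */
    if (buf == NULL || in == NULL || size < 2 || size > INT_MAX)
        return LINE_EOF;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';              /* EOF or read error: hand back "" */
        return LINE_EOF;
    }
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* whole line fitted: drop the newline */
        return LINE_OK;
    }
    c = getc(in);                   /* no newline stored: look at what follows */
    if (c == EOF || c == '\n')
        return LINE_OK;             /* line ended exactly at the buffer limit */
    while (c != EOF && c != '\n')
        c = getc(in);               /* discard the rest so the next read starts clean */
    return LINE_TRUNCATED;
}

int main(void)
{
    char name[10];                  /* same size as the buffer in the answer above */
    int rc = read_line(name, sizeof name, stdin);

    if (rc == LINE_EOF) {
        fputs("no input\n", stderr);
        return 1;
    }
    printf("the name entered is \n%s%s\n", name,
           rc == LINE_TRUNCATED ? " (truncated)" : "");
    return 0;
}
```
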
0

gets(p) has a char* return value which you aren't storing. This isn't really a problem but splint just reminds you of that.

Minion91