2

I have written a simple program in C. A program to input a String and display it along with the length.

#include<stdio.h>

int main()
{
char a[4];
printf("Enter the name : ");
gets(a);

printf("\nThe name enterd is : %s",a);
printf("\nLength of string is : %d",strlen(a));

getch();
return 0;
}

The program do not contain warning or error.

At run-time I entered the value " melwinsunny " as input. There was no error and the result displayed was :

Enter the name : melwinsunny

The name entered is : melwinsunny

length of string is : 11

Why is it so? I have declared the character array of length 4 ( char a[4] ). Please explain.

Does this mean the character array is dynamic?

MELWIN
  • 1,093
  • 4
  • 12
  • 19
  • 2
    No, it means you just performed a buffer overflow. C *does not hold your hand*. If anything, it takes aim squarely at your foot and is simply waiting for you to pull the trigger. – Brian Roach Jan 21 '14 at 06:02
  • It will overwrite something else. Probably unused memory in this case, but try something like this: `int i1=5; char a[4]; int i2=6; printf("i1, i2 are %i, %i\n", i1, i2); gets(a); printf("i1, i2, a are %i, %i, %s\n", i1, i2, a);`. This is undefined behaviour though, which means there are no guarantees and it might depend on your compiler and OS (or it might cause demons to fly out of your nose - which is extremely unlikely in practice) – user253751 Jan 21 '14 at 08:53

4 Answers4

7

No, arrays in C are not dynamic, what you see is undefined behavior because of buffer overflow.

And this is the reason you should NOT use gets(), use fgets() instead, which would prevent buffer overflow like this.

Yu Hao
  • 119,891
  • 44
  • 235
  • 294
  • where should I use gets ??? In which part of programming (in general) does gets() helps us? fgets() works as pointers. dont that make program complicated? – MELWIN Jan 21 '14 at 06:08
  • 2
    @MELWIN You should **never** use `gets()`. Use `fgets()` with `stdin` instead. In fact, in the newest C standard (C11), `gets()` has been removed. – Yu Hao Jan 21 '14 at 06:09
  • thank you. I am still useing turbo c++. when the input is less than or equal to 4 it does not return any buffer overflow. thankyou for the answer – MELWIN Jan 21 '14 at 06:17
4

Others have pointed out that it is undefined behaviour. What this means is that when you have char a[4] and you attempt to access anything that is out-of-bounds (e.g. a[4] = 't'), then there is no guarantee as to how your program behaves. In some cases, it may work, and in other cases, it may crash. Since there is no guarantee, it is particularly useless to depend on such code.

The problem with gets() is that you can't tell it how big the buffer is, so it has no idea when to stop writing to the supplied buffer. You entered in 11 characters, and gets has performed the equivalent of:

a[0] = 'm';
a[1] = 'e';
a[2] = 'l';
a[3] = 'w';
a[4] = 'i'; // at this point, we are writing out-of-bounds
a[5] = 'n';
/* ... etc ... */
a[12] = '\0';

In C, there are no automatic bounds checks, and there are simply no guarantees as to what will happen.

Functions that write to a buffer that cannot be limited are generally considered unsafe (unless the function is documented not to write more than a certain number of characters, etc.).

dreamlax
  • 93,976
  • 29
  • 161
  • 209
0

gets() working is undefined by the compiler anything can happen use fgets.

Check Here

Community
  • 1
  • 1
user3217895
  • 17
  • 2
0

gets function is dangerous to use in C. Avoid it by using fgets function.

vishal kumar
  • 43
  • 1
  • 9