0

I know you quickly clicked this expecting to answer NEVER USE GETS! but I have a valid reason. I am learning about buffer overflows and need to purposely develop vulnerable software.

So, as the title states, how do I ignore the warnings so the compilation succeeds? I have tried:

gcc bo.c -o bo -Wall

... to no avail.

Thanks for any help.

BugHunterUK
  • 8,346
  • 16
  • 65
  • 121
  • 4
    You could have a buffer overflow with `fgets`. Just give a wider than true size. So I guess you really should avoid `gets`. It is removed from the latest C standards, so basically it is gone – Basile Starynkevitch Oct 24 '15 at 18:24
  • BTW: What is the warning? – chux - Reinstate Monica Oct 24 '15 at 18:25
  • Technically, compilation does succeed with warnings. That's what makes them warnings and not errors. And can you show the line of code that you are getting the warning on, and what the message is? `gets` calls don't unconditionally generate warnings. – lurker Oct 24 '15 at 18:26
  • FIrst of all, -Wall does just the opposite of what you want. Secondly, warning doesnt cause unsuccessful compilation. Your code does compile into the executable even if you get a warning. – tapananand Oct 24 '15 at 18:26
  • I think using `-w` instead of `-Wall` would work. – AKJ88 Oct 24 '15 at 18:28
  • 2
    Assuming you have a special reason to develop bad code, I would **not** turn warnings off. If you only get warnings on the lines where **you** willingly use gets when you should not, it means that remaining of code looks correct. If you switch warnings off, code could fail for unwanted reasons. – Serge Ballesta Oct 24 '15 at 18:34
  • Possible duplicate of [How to disable GCC warnings for a few lines of code](http://stackoverflow.com/questions/3378560/how-to-disable-gcc-warnings-for-a-few-lines-of-code) –  Oct 24 '15 at 19:06
  • @BugHunterUK -- my ["duplicate suggestion"](http://stackoverflow.com/questions/3378560) of course assumes you're just worried about the "warning noise" for *intentionally bad code* while still wanting to get *other* warnings. Like you wrote your question, it sounds like the warning would prevent successful compilation (which can't be the case for a *warning*). –  Oct 24 '15 at 19:08

2 Answers2

3

This code:

#include <stdio.h>
int main() {
        char foo[10];
        gets( foo );
        return 0;
}

produces the following output when compiled:

bo.c: In function 'main':
bo.c:4:2: warning: 'gets' is deprecated (declared at /usr/include/stdio.h:638) [-Wdeprecated-declarations]
  gets( foo );
  ^
/tmp/cclk8TkP.o: In function `main':
bo.c:(.text+0x10): warning: the `gets' function is dangerous and should not be used.

The first warning is from the compiler, and we can see what flag to use to suppress it: -Wno-deprecated-declarations.

This leaves the second warning, which is from the linker. As far as I can tell there is no way to suppress that warning easily (see here and here). However it should not be a problem, since it is a warning, not an error; the executable gets created.

Community
  • 1
  • 1
Kenney
  • 9,003
  • 15
  • 21
  • This is strange, there should be a way to do this. I have read all the links and tried the `pragma` approach and all.. Nothing works.. – Haris Oct 24 '15 at 18:41
  • There might be a way using a custom linker script, but as long as your executable gets created I think it's more trouble than it's worth. You could always do a `|& grep -v` in your Makefile. – Kenney Oct 24 '15 at 18:53
  • This worked, although my error didn't suggest to use `-Who-deprecated-declarations` – BugHunterUK Oct 24 '15 at 18:55
  • @Kenney Ya, thats there in that other link. – Haris Oct 24 '15 at 18:57
  • @BugHunterUK You haven't posted the error you got yet, but I suppose it depends on your GCC version and platform. The output above is from GCC 4.9.2 on Linux 3.16; on Cygwin I didn't even get a warning... And the suggestion is implied: the warning mentioned `[-Wdeprecated-declarations]`. – Kenney Oct 24 '15 at 19:08
  • If having warning outputs makes it hard to see if a compilation failed or not, you could use `-Werror -Wno-deprecated-declarations` to treat all warnings as errors and at the same time not raise a warning(/error) on the deprecation. – Kenney Oct 24 '15 at 19:20
1

use fgets instead of gets

Example:

fgets (foo, sizeof(foo), stdin);
Rakshit Nawani
  • 2,604
  • 14
  • 27
Vinay Singh
  • 11
  • 2