Buffer storage with gets()

Question

Brand new to coding here. Tried to research this topic, but having difficulty finding where to start on questions I hardly know how to ask..

The following is a line of code I'm using in an online course and I'm trying to understand how gets() is working here. I am using Visual Studio in learning C, and the instructor is returning a different output (he is using CodeLite) when using gets(). For him, when he enters firstname in the command prompt in excess of 5 characters, the buffer will overflow the extra characters into the subsequent char variable, lastname. For me, when I enter in extra characters, my printf() will return exactly what I entered. For ex: If I enter firstname: George lastname: Washington, it will return "Hello, George, Washington.", where for him it would return "Hello, Georg, eWash."

Is Visual Studio performing some sort of flush on the buffer in between my gets()s? And what is the point of specifying '5' in char firstname[5] if when I enter more than 5 characters on the command prompt, it will store all the characters in my firstname and lastname char variables? Why would fgets() be a better solution in situations like this?

#include <stdio.h>

void flush_input(){
   int ch;
   while ((ch = getchar()) != '\n' && ch != EOF);
}

void getinput_with_gets() {
   char firstname[5];
   char lastname[5];
   printf("Enter your first name:");
   gets(firstname);
   printf("Enter your last name:");
   gets(lastname);
   printf("Hello, %s, %s\n", firstname, lastname);
}


void getinput_with_fgets() {
   char firstname[5];
   char lastname[5];
   printf("Enter your first name:");
   fgets(firstname, 5, stdin);
   printf("Enter your last name:");
   // fflush(stdin);    // This function may not (invariably) work with input!
   flush_input();
   fgets(lastname, 5, stdin);
   flush_input();
   printf("Hello, %s, %s\n", firstname, lastname);
}

int main(int argc, char **argv) {
   getinput_with_gets();
   // getinput_with_fgets();
   return 0;
}

Visual studio is c++ IDE I believe, but I guess you're right I shouldn't have included that. — Blakemc44, Dec 15 '17 at 21:39
Some IDEs support various languages. You're writing C code, not C++. Since strings are zero-terminated, if you declare `char firstname[5]` and enter more than 4 characters, you will overflow that array. That would be bad. — lurker, Dec 15 '17 at 21:39
There's really no reason to put significant effort into understanding why fundamentally broken code breaks in specific ways until you are much, much more advanced. It will actually harm your learning. The lesson is just that broken code breaks in strange and unpredictable ways and that's why it's important to avoid and/or fix broken code. — David Schwartz, Dec 15 '17 at 21:41
`fgets` reads the newline too. Please see [Removing trailing newline character from fgets() input](https://stackoverflow.com/questions/2693776/removing-trailing-newline-character-from-fgets-input/28462221#28462221) — Weather Vane, Dec 15 '17 at 21:52
**`gets` is deprecated, dangerous**, and should *never* be used (and should not have been invented). Read documentation of every [IO function](http://en.cppreference.com/w/c/io) and of every other standard function that you are using. BTW you'll better use much wider buffers (e.g. `char firstname[64];`). Then compile with all warnings & debug info, and use the debugger — Basile Starynkevitch, Dec 15 '17 at 23:06
'And what is the point of specifying '5' in char firstname[5]' - exactly. Unless you are on a RAM-restricted embedded system, stop bean-counting and just use [256], a size long enough to accept any real human name, and be done with. Even then, this does not excuse the use of error-prone and deprecated calls like gets() - a malicious user could enter a 'name' with more than 256 chars. — Martin James, Dec 16 '17 at 06:43

The DibMaster · Answer 1 · 2017-12-16T13:32:29.747

0

the number in char firstname[number] is how much characters you are allocating for that array of chars. For example, if you use 6 as the number, you can put 6 chars in that variable. If more than 6 chars are used, that results in a Buffer Overflow. You can check out C tutorials for more information

edited Dec 16 '17 at 13:32

answered Dec 16 '17 at 02:49

The DibMaster

11
4

score -2 · Answer 2 · answered Dec 15 '17 at 21:42

-2

If you use "gets" in c++ code with visual c++ and an array argument a "safe" template overload is used instead of the gets from the C library, that function template forwards to msvc's gets_s function which takes a buffer length argument.

basically it calls (return type may be off, but this gives the idea):

template<typename Elem, size_t N>
size_t gets(ElElem (&arr)[N])
{
  return gets_s(arr, N);
}

answered Dec 15 '17 at 21:42

SoronelHaetir

14,104
1
12
23

Why Why Why? Why not just not use `gets` in the first place – Ed Heal Dec 15 '17 at 21:44
I was answering the question as asked, there was enough information to do so. – SoronelHaetir Dec 15 '17 at 21:47

Buffer storage with gets()

2 Answers2