Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Programmers respond by attempting to stamp out the gets() function in working code, but they refuse to remove it from the C programming language's standard input/output library, where it remains to this day.

gets was deprecated in C99 and removed in C11.



C11 is about 6 years newer than the article. So the article was accurate at the time it was written.


... but what percentage of current C code is C11. More importantly, how much new code is written according to C11?


But gets() isn't just one unsafe function all of the classic string functions are totally unsafe, and most of their safer replacements are similarly bad. They do things like take buffer size and then will truncate strings and leave off the terminating zero. So then the next string function will blow up.

I think really when people manipulate strings in c/c++ they use the safe functions that come with frameworks.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: