If it's a constant argument I think there's no real security difference but definitely no harm in it
Replying to @mjg59
yeah it says we'll get into the Why later on but for now to do it as practice
1 reply 0 retweets 0 likes -
Replying to @alicegoldfuss
I guess if it's a dynamically generated string and you use puts you don't have to worry about format character attacks but hmm it's a moderately contrived case
1 reply 0 retweets 2 likes -
Replying to @mjg59 @alicegoldfuss
Don't want to criticise in any way, there's definitely nothing wrong with using puts() in this case
1 reply 0 retweets 2 likes -
Replying to @mjg59
I welcome helpful critique! All I have is this book and what I can find online. Hearing best practices from Real Life C Programmers is what I need.
1 reply 0 retweets 2 likes -
Replying to @alicegoldfuss
I can't think of a case I've seen in recent history that didn't just use printf for fixed strings - I think puts() probably has a bad rap because it's the counterpart to gets() and that's terrible
4 replies 1 retweet 5 likes -
Replying to @mjg59 @alicegoldfuss
One thing you can do is use printf to justify strings so you don't have to count spaces. "%10s" IIRC. "%-10s" to right justify.
1 reply 0 retweets 3 likes -
I did that! :) also why is gets() terrible? I haven't used it yet
2 replies 0 retweets 0 likes -
Replying to @alicegoldfuss @jbeda
It'll read until it sees a carriage return, and then write that into a buffer. There's no way to tell it how big the destination buffer is, so it'll happily write over the end of the buffer and either crash or allow an attacker to influence the behaviour of your code
3 replies 0 retweets 21 likes -
why...does it still exist? and what should I use instead? getchar()? scanf()?
8 replies 0 retweets 7 likes
Use fgets if you want to impose a length limit anyway to avoid runaway resource usage on bad/malicious input. Use getline (POSIX, not plain C, though) if you want easy automatic allocation for arbitrary-length lines.
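The fgets option from the last reply, as an added example that is not part of the thread: a bounded line reader that is told the buffer size, which gets() cannot be, and that reports and discards the tail of an over-long line. The names `read_line`, `line_status` and `demo_truncated_count` and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line into buf, never storing more than size bytes (terminator
 * included). If the line does not fit, the rest is discarded so the next
 * call starts on a fresh line. Assumes text input with no NUL bytes. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit: strip the newline */
        return LINE_OK;
    }
    if (feof(in))
        return LINE_OK;                 /* last line had no trailing newline */

    /* Buffer filled before the newline: drain what is left of the line. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input: count over-long lines with an 8-byte buffer. */
int demo_truncated_count(void)
{
    FILE *f = tmpfile();
    if (!f) return -1;
    fputs("short\nthis line is far too long\nexactly\nend", f);
    rewind(f);

    char buf[8];
    int truncated = 0;
    enum line_status st;
    while ((st = read_line(f, buf, sizeof buf)) != LINE_EOF)
        if (st == LINE_TRUNCATED) truncated++;
    fclose(f);
    return truncated;
}

int main(void)
{
    printf("truncated lines: %d\n", demo_truncated_count());
    return 0;
}
```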