Disable warning: the `gets' function is dangerous in GCC through header files?

Question

I am using the function gets() in my C code. My code is working fine but I am getting a warning message

(.text+0xe6): warning: the `gets' function is dangerous and should not be used.

I want this warning message not to pop up. Is there any way?

I am wondering that there might be such possibilities by creating a header file for disabling some warnings. Or is there any option during compiling that can serve my purpose? Or may be there is a particular way of using gets() for this warning not to pop up?

Answer 1

Suggest a safe substitute for gets().

In existing code, to substitute gets(), it may not be desired to use fgets() as that function requires an additional char to save the '\n' which both functions consume, but gets() does not save. Following is a substitute that does not require a larger buffer size.

Each gets(dest) is replace with:
If dest is an array, use gets_sz(dest, sizeof dest)
If dest is a pointer to an char array of size n, use gets_sz(dest, n)

char *gets_sz(char *dest, size_t size) {
    if (size <= 1) {
        // If no room to save anything or stdin is at EOF ...
        if (size == 0 || feof(stdin)) {
            return NULL;
        }
    }
    size--;
    size_t i;
    for (i = 0; i < size; i++) {
        int ch = getchar();
        if (ch == EOF) {
            if (i == 0) {
                return NULL;
            }
            break;
        }
        if (ch == '\n') {
            break;
        }
        dest[i] = (char) ch;
    }
    dest[i] = 0;
    return dest;
}

---

[Edit 2024]

Fixed some minor things, yet being 10 years later I think more should change - more later.

Answer 2

-fno-stack-protector is an option that allows the gets() function to be used in spite of how unsafe it is.

-Wno-deprecated-declarations turns off the deprecation warning

Here's an example of compiling with gets()

gcc myprogram.c -o myprogram -fno-stack-protector -Wno-deprecated-declarations

I agree with everyone who says that it's completely unsafe since it will allow a program to overrun a buffer. This can be quite dangerous and hence the reason it has been deprecated in favor of fgets.

However, if you're taking an intro to security course, being able to write a small test program to play with the concepts of buffer overrun and stack overflows is very helpful.

Answer 3

If you really want to use it, try the flag -fsyntax-only.

The manual in gcc website says:

-fsyntax-only

Check the code for syntax errors, but don't do anything beyond that.

Answer 4

Contrary to popular opinion, not all programmers are equally inattentive to what they are writing. gets() will always be standard in C90, and it was put in the library for several good reasons. It's no more "dangerous" than any other string function when used appropriately, such as in program examples, documentation, unit test scaffolding, homework assignments, etc.

What's more, gets() enhances readability in a way that fgets() never will. And one never has to interrupt one's train of thought to look up what order to put its arguments in.

The following workaround uses my other favorite function to remove the newline. :)

 #define gets GET_LOST
 #include "stdio.h"
 #undef gets

 #include "limits.h"

 char *gets(char *s)
 {
    return strtok(fgets(s, INT_MAX, stdin), "\n");
 }

Answer 5

The obvious answer is to learn from what the compiler is trying to tell you - you should never, ever, use gets(), as it is totally unsafe. Use fgets() instead, which allows you to prevent possible buffer overruns.

#define BUFFER_SIZE 100
char buff[BUFFER_SIZE];
gets( buff);   // unsafe!
fgets( buff, sizeof(buff), stdin );   // safe

Answer 6

If you really want use it.

Here is answer From: http://www.gamedev.net/community/forums/topic.asp?topic_id=523641

If you use a reasonably recent version of gcc, you can use:

#pragma GCC diagnostic ignored "your option here"

For example, if those headers produce a "floating point comparison is unsafe" error, you would use:

#pragma GCC diagnostic ignored "-Wfloat-equal".

Unluckily, you cannot disable "-Wall" that way (that would be too easy, wouldn't it...), you have to do the individual warning options which -Wall enables by hand (at least, the conflicting ones).

Docs: http://gcc.gnu.org/onlinedocs/gcc/Diagnostic-Pragmas.html#Diagnostic-Pragmas

EDIT: But it seems not work for gets warning... I tried on my pc.

Answer 7

There really is no good reason to use gets(). Even the C standard says it's obsolescent! Use fgets() instead.

[Edit]

It looks like the warning comes from the linker. Do you get warning when compiling with -c? (Which disables linking.)

Answer 8

You shouldn't use the gets function at all, the manpage says to use fgets instead.

GCC does not provide the functionality that GCC does to disable warnings using pragmas. You must use the various warning options as flags to the compiler instead.

Answer 9

Use fgets() instead of gets()

char buffer[BUFSIZ];
/* gets(buffer); */
fgets(buffer,sizeof(buffer), stdin);

The gets() function does not check the length of buffer and can write past the end and alter the stack. This is the "buffer overflow" you hear about.

Answer 10

I would heed the warning and replace gets. This is clear enough for me:

BUGS

Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer security. Use fgets() instead.