70,023
社区成员
发帖
与我相关
我的任务
分享gets_s()?
#include <stdio.h>
int main()
{
char a[7];
gets_s(a,6);
puts(a);
return 0;
}
z@z:~$ gcc -Wall a.c
a.c: In function ‘main’:
a.c:6: warning: implicit declaration of function ‘gets_s’
/tmp/cc7CZiL6.o: In function `main':
a.c:(.text+0x19): undefined reference to `gets_s'
collect2: ld returned 1 exit status
问题:
1.为什么出错?
2.char *gets_s(char *str, rsize_t n);,第二个参数rsize_t n是什么?有什么限制?
...全文
请发表友善的回复…
发表回复
zeroten 2013-04-03
- 打赏
- 举报
C11:删除了 gets() 函数,使用一个新的更安全的函数gets_s()替代。
http://zh.wikipedia.org/zh-cn/C%E8%AF%AD%E8%A8%80#C11
mymtom 2013-02-06
- 打赏
- 举报
gets_s是MS专属函数,还是不要用了吧。
用fgets
qq120848369 2013-02-06
- 打赏
- 举报
考虑到可移植性,还是使用fgets吧。
赵4老师 2013-02-06
- 打赏
- 举报
Run-Time Library Reference
gets_s, _getws_s
Get a line from the stdin stream. These are versions of gets, _getws with security enhancements as described in Security Enhancements in the CRT.
char *gets_s(
char *buffer,
size_t sizeInCharacters
);
wchar_t *_getws_s(
wchar_t *buffer,
size_t sizeInCharacters
);
template <size_t size>
char *gets_s(
char (&buffer)[size]
); // C++ only
template <size_t size>
wchar_t *_getws_s(
wchar_t (&buffer)[size]
); // C++ only
Parameters
[out] buffer
Storage location for input string.
[in] sizeInCharacters
The size of the buffer.
Return Value
Returns buffer if successful. A NULL pointer indicates an error or end-of-file condition. Use ferror or feof to determine which one has occurred.
Remarks
The gets_s function reads a line from the standard input stream stdin and stores it in buffer. The line consists of all characters up to and including the first newline character ('\n'). gets_s then replaces the newline character with a null character ('\0') before returning the line. In contrast, the fgets_s function retains the newline character.
If the first character read is the end-of-file character, a null character is stored at the beginning of buffer and NULL is returned.
_getws is a wide-character version of gets_s; its argument and return value are wide-character strings.
If buffer is NULL or sizeInCharacters is less than or equal to zero, or if the buffer is too small to contain the input line and null terminator, these functions invoke an invalid parameter handler, as described in Parameter Validation. If execution is allowed to continue, these functions return NULL and set errno to EINVAL.
In C++, using these functions is simplified by template overloads; the overloads can infer buffer length automatically (eliminating the need to specify a size argument) and they can automatically replace older, non-secure functions with their newer, secure counterparts. For more information, see Secure Template Overloads.
TCHAR.H routine
_UNICODE & _MBCS not defined
_MBCS defined
_UNICODE defined
_getts
gets_s
gets_s
_getws
Requirements
Routine
Required header
gets_s
<stdio.h>
_getws
<stdio.h> or <wchar.h>
For additional compatibility information, see Compatibility in the Introduction.
Example
Copy Code
// crt_gets_s.c
// This program retrieves a string from the stdin and
// prints the same string to the console.
#include <stdio.h>
int main( void )
{
char line[21]; // room for 20 chars + '\0'
gets_s( line, 20 );
printf( "The line entered was: %s\n", line );
}
Run-Time Library Reference
Security Enhancements in the CRT
Significant enhancements have been made to make the CRT more secure. Many CRT functions now have more secure versions. If a new secure function exists, the older, less secure version is marked as deprecated and the new version has the _s ("secure") suffix.
It should be noted that in this context, "deprecated" just means that a function's use is not recommended; it does not indicate that the function is scheduled to be removed from the CRT.
It should also be noted that the secure functions do not prevent or correct security errors; rather, they catch errors when they occur. They perform additional checks for error conditions, and in the case of an error, they invoke an error handler (see Parameter Validation).
For example, the strcpy function has no way of telling if the string that it is copying is too big for its destination buffer. However, its secure counterpart, strcpy_s, takes the size of the buffer as a parameter, so it can determine if a buffer overrun will occur. If you use strcpy_s to copy eleven characters into a ten-character buffer, that is an error on your part; strcpy_s cannot correct your mistake, but it can detect your error and inform you by invoking the invalid parameter handler.
Eliminating deprecation warnings
There are several ways to eliminate deprecation warnings for the older, less secure functions. The simplest is simply to define _CRT_SECURE_NO_WARNINGS or use the warning pragma. Either will disable deprecation warnings, but of course the security issues that caused the warnings still exist. It is far better to leave deprecation warnings enabled and take advantage of the new CRT security features.
In C++, the easiest way to do that is to use Secure Template Overloads, which in many cases will eliminate deprecation warnings by replacing calls to deprecated functions with calls to the new secure versions of those functions. For example, consider this deprecated call to strcpy:
Copy Code
char szBuf[10];
strcpy(szBuf, "test"); // warning: deprecated
Defining _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES as 1 eliminates the warning by changing the strcpy call to strcpy_s, which prevents buffer overruns. For more information, see Secure Template Overloads.
For those deprecated functions without secure template overloads, you should definitely consider manually updating your code to use the secure versions.
Another source of deprecation warnings, unrelated to security, is the POSIX functions. Replace POSIX function names with their standard equivalents (for example, change access to _access), or disable POSIX-related deprecation warnings by defining _CRT_NONSTDC_NO_WARNINGS. For more information, see Deprecated CRT Functions.
Security Enhancements
Some of the security enhancements include the following:
Parameter Validation. Parameters passed to CRT functions are validated, in both secure functions and in many preexisting versions of functions. These validations include:
Checking for NULL values passed to the functions.
Checking enumerated values for validity.
Checking that integral values are in valid ranges.
For more information, see Parameter Validation.
A handler for invalid parameters is also accessible to the developer. When an encountering an invalid parameter, instead of asserting and exiting the application, the CRT provides a way to check these problems with the _set_invalid_parameter_handler function.
Sized Buffers. The secure functions require that the buffer size be passed to any function that writes to a buffer. The secure versions validate that the buffer is large enough before writing to it, helping to avoid dangerous buffer overrun errors that could allow malicious code to execute. These functions usually return an errno type of error code and invoke the invalid parameter handler if the size of the buffer is too small. Functions that read from input buffers, such as gets, have secure versions that require you to specify a maximum size.
Null termination. Some functions that left potentially non-terminated strings have secure versions which ensure that strings are properly null terminated.
Enhanced error reporting. The secure functions return error codes with more error information than was available with the preexisting functions. The secure functions and many of the preexisting functions now set errno and often return an errno code type as well, to provide better error reporting.
Filesystem security. Secure file I/O APIs support secure file access in the default case.
Windows security. Secure process APIs enforce security policies and allow ACLs to be specified.
Format string syntax checking. Invalid strings are now detected, for example, using incorrect type field characters in printf format strings.
The documentation for each function describes additional security enhancements.
For more information, see the following articles on MSDN Online:
Safe! Repel Attacks on Your Code with the Visual Studio 2005 Safe C and C++ Libraries by Martyn Lovell.
Saying Goodbye to an Old Friend by Michael Howard.
See Also
Concepts
Security-Enhanced Versions of CRT Functions
Parameter Validation
Secure Template Overloads
Deprecated CRT Functions
C Run-Time Libraries
zslInSz 2013-02-05
- 打赏
- 举报
应该是内核版本或者是gcc版本的原因。
GioPna 2013-02-05
- 打赏
- 举报
ForestDB 2013-02-05
- 打赏
- 举报
gets_s不是Linux下的函数,应该是Windows下的吧。
GioPna 2013-02-05
- 打赏
- 举报
gcc加什么参数?
AnYidan 2013-02-05
- 打赏
- 举报
找不到 gets_s() 的声明,头文件?编译环境?
