[COFF] Community 'deprecation' of gets(3)
segaloco via COFF
coff at tuhs.org
Thu May 21 13:50:18 AEST 2026
On Wednesday, May 20th, 2026 at 20:04, Alexis via COFF <coff at tuhs.org> wrote:
>
> Hi all,
>
> Wasn't entirely sure whether this would be appropriate for TUHS,
> so erring on the side of caution and posting here. :-) If it _is_
> appropriate, please loop TUHS in on any replies.
>
> At what point did the use of gets(3) become 'deprecated' by the C
> / Unix / whatever communities, for security and general bugginess
> reasons? In the sense that there was a general consensus that it
> shouldn't be used, particularly due to the security implications,
> despite still being permitted by specs?
>
> gets(3) was:
>
> * included in Issue 1, but i can't find an online copy of that (or
> of Issue 1 of the SVID)[a];
> * deprecated in C99, removed in C11; and
> * obsoleted by POSIX Issue 7 / .1-2008.
>
>
> Alexis.
>
> [a] My search-fu has been failing in general of late, so i
> wouldn't be surprised if someone said "It's /here/; that took me
> 10 seconds to find." :-P
>
I feel like I've seen earlier guidance, but 1985's SVID Issue 1 gives an "Application Usage" entry of:
> Reading too long a line through gets causes gets to break.
> The use of fgets is recommended.
This note is also in the X/Open Portability Guide, but not the /usr/group standard. I don't see this in the SVR2 manuals (which the SVID is based on) nor 4.3BSD. So I've got a confirmed backstop of official guidance in 1985 not to use gets(3), but I feel like I've seen earlier mentions in some BTL-adjacent paper or manpage.
- Matt G.
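
Added example, not part of the original thread: the SVID note quoted above recommends fgets, and this sketch shows a bounded line reader built on it that also handles the over-long line that "breaks" gets. The names read_line and line_status and the sample input are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line into buf, which holds `size` bytes (size must be >= 2).
 * Unlike gets(), never writes past buf. Unlike bare fgets(), strips the
 * newline and discards the tail of an over-long line, so the tail is not
 * returned as if it were the next line. */
enum line_status read_line(FILE *fp, char *buf, size_t size)
{
    if (buf == NULL || size < 2)
        return LINE_EOF;                    /* nothing can be read */
    int n = size > INT_MAX ? INT_MAX : (int)size;
    if (fgets(buf, n, fp) == NULL)
        return LINE_EOF;                    /* end of file or read error */

    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {                 /* whole line fit */
        buf[len] = '\0';
        return LINE_OK;
    }

    /* No newline stored: either the line ended exactly at the buffer
     * boundary or at EOF (nothing left to drain), or it was too long. */
    int c, extra = 0;
    while ((c = getc(fp)) != '\n' && c != EOF)
        extra = 1;
    return extra ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    FILE *fp = tmpfile();                   /* constructed sample input */
    if (fp == NULL)
        return 1;
    fputs("short\nthis line is longer than the buffer\nlast", fp);
    rewind(fp);

    char buf[8];
    enum line_status st;
    while ((st = read_line(fp, buf, sizeof buf)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_TRUNCATED ? "truncated" : "ok", buf);
    fclose(fp);
    return 0;
}
```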