C: warning: the gets function is dangerous

Notice: this page is a Chinese/English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me): StackOverflow. Original address: http://stackoverflow.com/questions/2843073/

Time: 2020-09-02 05:27:03  Source: igfitidea

warning:gets function is dangerous

c

Asked by

When I use the gets function, gcc gives me a warning:

warning:the `gets' function is dangerous and should not be used.

Why are the gets and puts functions dangerous?

Answered by

If you have code like this:


char s[10];
gets( s );   /* no bound: any input longer than 9 characters overflows s */

and you type in more than 10 characters when the program is run, you will overflow the buffer, causing undefined behaviour. The gets() function has no means of preventing you typing the characters and so should be avoided. Instead you should use fgets(), which allows you to limit the number of characters read, so that the buffer does not overflow:

char s[10];
fgets( s, 10, stdin );   /* reads at most 9 characters plus the terminating '\0' */

The puts() function is perfectly safe, provided the string that you are outputting is null-terminated.
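As an added example (not code from the answer above), here is the bounded replacement the answer recommends, written as a reusable function. It uses fgets() with the buffer size, strips the trailing newline, and handles the edge case that fgets() leaves unread: when a line is longer than the buffer, the remainder stays in the stream and would be returned as the "next" line, so the function drains it and reports truncation instead. The names read_line, line_status and stream_from_string are this example's own, and the sample input is constructed here; stream_from_string uses the standard C tmpfile() so the example runs without interactive input.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of one read_line() call. */
enum line_status {
    LINE_OK = 0,        /* a complete line fit in the buffer */
    LINE_TRUNCATED = 1, /* the line was longer than size-1; the excess was discarded */
    LINE_EOF = 2        /* nothing more to read */
};

/*
 * Bounded replacement for gets(): read one line from `in` into `buf`,
 * never writing more than `size` bytes (including the terminating '\0').
 * The trailing newline is removed. Unlike a bare fgets() call, the rest
 * of an over-long line is consumed so the next call starts on a new line.
 */
enum line_status read_line(char *buf, size_t size, FILE *in)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL) {
        if (size > 0)
            buf[0] = '\0';
        return LINE_EOF;
    }

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }

    /* No newline in the buffer: either the line was longer than size-1
     * characters, or this was the final line of input without a '\n'.
     * Drain up to the newline and report whether anything was thrown away. */
    int c;
    int discarded = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        discarded = 1;
    return discarded ? LINE_TRUNCATED : LINE_OK;
}

/* Build a readable stream from constructed sample text (standard C only). */
FILE *stream_from_string(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

int main(void)
{
    /* Same 10-byte buffer as in the answer; constructed sample input. */
    char s[10];
    FILE *in = stream_from_string("short\nthis line is far longer than ten characters\nend");
    if (in == NULL)
        return 1;

    enum line_status st;
    while ((st = read_line(s, sizeof s, in)) != LINE_EOF)
        printf("%-9s %s\n", st == LINE_TRUNCATED ? "TRUNCATED" : "OK", s);

    fclose(in);
    return 0;
}
```

Passing sizeof s rather than a literal 10 keeps the bound tied to the array, so changing the buffer size later cannot silently reintroduce the overflow. Callers that must not lose data can treat LINE_TRUNCATED as an error or grow the buffer and retry.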

Answered by Marcelo Cantos

Because gets doesn't constrain the amount of data it reads, and is thus vulnerable to buffer overruns. @Neil's answer has the appropriate solution to this.

The puts function isn't dangerous, AFAIK, unless, of course, you forget to null-terminate it.

Answered by Mark Tolonen

Buffer overruns are dangerous. Here's the definition:


/* Get a line from the stdin stream. */
char *gets(char *buffer);

How big is the buffer? If a user types more data than can fit in the buffer, the program could crash and be susceptible to hacker exploits.

Answered by Phil

As Wikipedia's article says, gets() is inherently unsafe because all it takes is a char * as the argument.

This is dangerous because there is no way for the method to know how much space has been allocated to that char * in any situation. Therefore gets behaves as if it has a blank check to write as much data to it as possible, which could result in buffer overruns.

The alternative is fgets, which takes in not just the character array, but the maximum length and the stream pointer. gets is kept around only for backwards compatibility with older code.

Answered by Eineki

Gets does not check for buffer overrun, exposing your code to attack.

Answered by Arkku

gets reads data into the given area of memory until a newline or end of file is encountered. If the input (e.g. as supplied by the user) contains a line longer than the size of the buffer supplied to gets, it will overflow and gets will write to memory outside the buffer. At worst this may allow a malicious user to write data that alters the behaviour of the program or possibly even executes arbitrary code with the privileges of that program (e.g. one that may be running on a remote server or with the privileges of another user), and even accidental overflows are likely to break the software.

fgets should be used instead, as it takes an additional argument to constrain the size of the input.