Quiz Entry - updated: 2026.07.14
How do you identify unsafe C functions that may cause buffer overflows?
Look for unbounded copy/read functions — gets, strcpy, strcat, sprintf, scanf("%s") — which write without checking the destination size.
| Unsafe function | Why dangerous | Safe replacement |
|---|---|---|
gets(buf) |
No size limit at all | fgets(buf, size, stdin) |
strcpy(dst, src) |
No destination size check | strncpy(dst, src, size) or strlcpy |
strcat(dst, src) |
No remaining space check | strncat(dst, src, size) or strlcat |
sprintf(buf, fmt, ...) |
No output size limit | snprintf(buf, size, fmt, ...) |
scanf("%s", buf) |
No input size limit | scanf("%255s", buf) (with width) |
Automated detection:
# GCC warns about most unsafe functions
gcc -Wall -Wextra -Wformat-security program.c
# Find unsafe function calls in codebase
grep -rn 'gets\|strcpy\|strcat\|sprintf\|scanf.*%s' src/
Key insight: gets() is so dangerous it was removed from the C11 standard entirely. If you see it in code, it's always a bug.
Go deeper:
Buffer overflow (Wikipedia) — the language-choice and unsafe-function background behind these safe replacements.