No, it will not expose you to buffer overflows. The memory that the string is going to be put into isn't even defined yet. The call to gets ends up defining a chunk of memory big enough, and putting in the inputted string. Underneath the covers, the C is (supposedly) coded to not cause buffer overflows.

-Chris

On Dec 22, 2006, at 1:25 AM, Spitfire wrote:

> I'm a newbie in Ruby. And, after a first couple of tutorials, I came
> across the function 'gets'. Being similar to the function in C, I was
> wondering if this would expose programs written in Ruby to buffer overflow
> vulnerabilities? Or am I overlooking something here that would invalidate
> such an argument? I mean, does the 'gets' in ruby perform bounds checking?
>
> --
> _ _ _]{5pitph!r3}[_ _ _
> __________________________________________________
> "I'm smart enough to know that I'm dumb."
> - Richard P Feynman
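
The behaviour discussed in this exchange, as an added example that is not part of the original thread: plain `gets` returns a String sized to whatever line arrives, and `gets(limit)` lets a caller cap how much of a line it accepts. `read_line_bounded` and `LineTooLong` are hypothetical names, and the input is constructed.

```ruby
require "stringio"

# Hypothetical names for this example; not part of Ruby's standard library.
class LineTooLong < StandardError; end

# Read one line, rejecting any line whose content exceeds max_bytes.
def read_line_bounded(io, max_bytes)
  # gets(limit) stops at a newline or after about `limit` bytes.
  chunk = io.gets(max_bytes + 1)
  return nil if chunk.nil? # end of input
  # A trailing newline, or a short read at end of input, means it fit.
  return chunk.chomp if chunk.end_with?("\n") || chunk.bytesize <= max_bytes

  # Over-long line: discard the remainder in fixed-size pieces so the
  # next call starts at the following line, then report it.
  chunk = io.gets(4096) until chunk.nil? || chunk.end_with?("\n")
  raise LineTooLong, "line exceeds #{max_bytes} bytes"
end

# Plain gets: the returned String is sized to the input.
def unbounded_line_size
  StringIO.new(("A" * 100_000) + "\n").gets.bytesize
end

def demo
  # Constructed sample input: short line, 100,000-byte line, short line.
  input = StringIO.new("short\n" + ("A" * 100_000) + "\nnext\n")
  Array.new(3) do
    begin
      read_line_bounded(input, 64)
    rescue LineTooLong
      :rejected
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  p unbounded_line_size
  p demo
end
```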