No, it will not expose you to buffer overflows. The memory that the
string is going to be put into isn't even defined yet. The call to
gets ends up defining a chunk of memory big enough, and putting in
the inputted string. Underneath the covers, the C is (supposedly)
coded to not cause buffer overflows.

-Chris

On Dec 22, 2006, at 1:25 AM, Spitfire wrote:

> I'm a newbie in Ruby. And, after a first couple of tutorials, I came
> across the function 'gets'. Being similar to the function in C, I was
> wondering if this would expose programs written in Ruby to buffer overflow
> vulnerabilities? Or am I overlooking something here that would invalidate
> such an argument? I mean, does the 'gets' in ruby perform bounds checking?
>
>
> -- 
> _ _ _]{5pitph!r3}[_ _ _
> __________________________________________________
> I'm smart enough to know that I'm dumb.
>   - Richard P Feynman
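
The behaviour discussed in this thread, as an added example that is not part of the original messages: Ruby's `gets` grows the returned string to fit the line, so the remaining concern is unbounded memory use, which the optional byte limit of `gets` caps. `read_line_bounded`, `LineTooLong` and the sample input are hypothetical names and constructed data.

```ruby
require 'stringio'

# Hypothetical error type for this example.
class LineTooLong < StandardError; end

# Hypothetical helper: return one line of at most max_bytes bytes
# (newline excluded), nil at end of input, or raise LineTooLong.
def read_line_bounded(io, max_bytes)
  # gets(limit) stops at a newline or after `limit` bytes, whichever is first.
  line = io.gets(max_bytes + 1)
  return nil if line.nil?
  return line.chomp if line.end_with?("\n") || line.bytesize <= max_bytes

  # Over the cap: discard the rest of the line in fixed-size chunks so the
  # next call starts at the following line, then report the violation.
  while (chunk = io.gets(4096))
    break if chunk.end_with?("\n")
  end
  raise LineTooLong, "line exceeds #{max_bytes} bytes"
end

# Constructed sample input (ASCII only): a short line, a 100,000-byte line,
# and another short line.
INPUT = "short\n" + ("A" * 100_000) + "\nnext\n"

def demo
  # Plain gets: no overflow, the string is simply allocated large enough.
  plain = StringIO.new(INPUT)
  plain.gets
  grown = plain.gets.bytesize

  # Bounded read: the oversized line is rejected and skipped.
  io = StringIO.new(INPUT)
  first = read_line_bounded(io, 64)
  rejected = begin
    read_line_bounded(io, 64)
    false
  rescue LineTooLong
    true
  end
  after = read_line_bounded(io, 64)
  [grown, first, rejected, after]
end

p demo if __FILE__ == $PROGRAM_NAME
```

The limit is counted in bytes, so a cap chosen for multibyte text should be sized in bytes rather than characters.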