We recently ran into a problem getting Lingalyzer, the analysis program from Doug Rohde’s Linger to work on MacOS X. The problem at least occurs on 10.5 and up, but could well occur on lower versions as well. Lingalyzer depends on a statistics suite called |stat, which is where the actual problem lies.
When you run the lingalyzer script, it dies with the error "warning: this program uses gets(), which is unsafe." We were initially confused, because Lingalyzer is written in Tcl, which has a gets() function, and lingalyzer uses it quite a bit. But the problem was actually in the |stat programs that it was calling, which use the C gets() function. The C gets() function is well known as a buffer overflow risk: it has no way of knowing how large the destination buffer is, so any input longer than the buffer overwrites adjacent memory. GCC warns you sternly not to use it, but MacOS X goes so far as to trap calls to it and refuse to execute the offending program.
It turns out that there is a relatively easy solution, namely replacing all calls to gets() with calls to fgets(). Wherever in the source code you see:

    while (gets (line))

replace it with:

    while (fgets (line, sizeof(line), stdin))
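The one-line substitution above is enough to get |stat past the MacOS X check, but fgets() is not a perfect drop-in for gets(): it keeps the trailing newline in the buffer, and when a line is longer than the buffer it returns the first sizeof(line)-1 bytes and leaves the rest for the next call, so a naive loop silently treats one long line as several records. The following is an added example, not code from |stat or from the original post, of a small line reader that wraps fgets() and handles both differences. The read_line and count_lines helpers, the LINE_MAX_LEN size, and the sample text are all constructed for this illustration; fmemopen() is used only so the demo can run on an in-memory string instead of stdin.

```c
/* Added example: a bounded line reader around fgets(), the replacement
   for gets() recommended in the post above.  Not part of |stat. */
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Deliberately small so the demo exercises the truncation path. */
#define LINE_MAX_LEN 16

/* Read one logical line from fp into buf (capacity cap), gets()-style:
   the trailing '\n' is stripped.  Returns 1 if a line was read, 0 at EOF.
   If the line was longer than the buffer, the excess is discarded and
   *truncated is set to 1, so the next call starts on a fresh line instead
   of returning the tail of this one as a bogus extra record. */
int read_line(FILE *fp, char *buf, size_t cap, int *truncated)
{
    *truncated = 0;
    if (fgets(buf, (int)cap, fp) == NULL)
        return 0;                           /* EOF or read error */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';                /* normal case: whole line fit */
        return 1;
    }

    /* No newline in the buffer.  Either the final line had none, the line
       filled the buffer exactly, or it was longer than the buffer. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return 1;                           /* exact fit or last line */

    *truncated = 1;                         /* overlong: drain the rest */
    while (c != '\n' && c != EOF)
        c = fgetc(fp);
    return 1;
}

/* Iterate over fp the way the patched |stat loop would, counting logical
   lines and how many of them were truncated.  Returns the line count. */
int count_lines(FILE *fp, int *truncated_count)
{
    char line[LINE_MAX_LEN];
    int n = 0, trunc;

    *truncated_count = 0;
    while (read_line(fp, line, sizeof(line), &trunc)) {
        n++;
        if (trunc)
            (*truncated_count)++;
    }
    return n;
}

/* Demo on constructed input: one short line, one line longer than the
   buffer, and a final line without a newline.  Returns the line count and
   stores the truncated-line count in *truncated (3 and 1 respectively). */
int demo(int *truncated)
{
    static const char sample[] =
        "short\n"
        "this line is much longer than sixteen bytes\n"
        "last";
    FILE *fp = fmemopen((void *)sample, sizeof(sample) - 1, "r");
    if (fp == NULL)
        return -1;
    int n = count_lines(fp, truncated);
    fclose(fp);
    printf("%d lines, %d truncated\n", n, *truncated);
    return n;
}

int main(void)
{
    int truncated;
    return demo(&truncated) == 3 ? 0 : 1;
}
```

For a program like |stat that reads whitespace-separated numbers, silently splitting an overlong line would corrupt the data rather than crash, so reporting the truncation (or enlarging the buffer) is worth more than the bare fgets() swap on its own.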
I have a patch that can be applied to the |stat source code that replaces all of them, as well as adding the CFLAGS to the makefile to build a Universal Binary. However, the license for |stat appears to prohibit redistributing modified versions of the code, and a patch might run afoul of that. If you ask nicely I can email it to you though. The license also prohibits even local modifications for any purpose other than making it run on your system, so if MacOS didn’t terminate programs with gets() with extreme prejudice, then even the changes I made would be in violation. Weird.