alpine 3.6
buffer weakness #37


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what a buffer overflow is, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

/* Copyright (C) 2004       Manuel Novoa III    <>
 *
 * GNU Library General Public License (LGPL) version 2 or later.
 *
 * Dedicated to Toni.  See uClibc/DEDICATION.mjn3 for details.
 */

#include "_stdio.h"

link_warning(gets, "the 'gets' function is dangerous and should not be used.")

/* UNSAFE FUNCTION -- do not bother optimizing */

/* disable macro, force actual function call */
#undef getchar_unlocked

char *gets(char *s)
{
	register char *p = s;
	int c;

	/* Note: don't worry about performance here... this shouldn't be used!
	 * Therefore, force actual function call. */
	/* No length bound is known for s: every byte read before '\n' or EOF
	 * is written through p, so input longer than the caller's buffer
	 * overruns it. This is the weakness the scanner flags. */
	while (((c = getchar_unlocked()) != EOF) && ((*p = c) != '\n')) {
		++p;
	}
	/* Return NULL on EOF or when nothing was read; otherwise replace the
	 * newline with the terminating NUL. */
	if ((c == EOF) || (s == p)) {
		s = NULL;
	} else {
		*p = 0;
	}

	return s;
}
