no you aren't. I understand what "except" means. That's why I used it.
I regard the "perfect control over input" case to be so unusual and
brittle as to be almsot useless.
It's a question of engineering principles, really. You seem to have developed
the theory that it's unwise to rely on things which are likely to change,
and experience which shows that the other end of a software interaction may
well change during the lifetime of a program.
Both positions are, of course, correct.
The theory that you can have complete control over stdin, and should rely
on it, is a theory incompatible with a reasonable amount of programming
experience.
I think there's another aspect to this being overlooked. Experienced
engineers usually get a sense for *tradeoffs*. How much work is this change,
and how much protection does it offer? Alternatively, how much work can I
save by ignoring this possible failure mode, and how much risk does that
introduce?
There is not enough benefit from using gets() to justify the risk in any
real-world circumstance, meaning that even if you found one of the theoretical
cases where it could be used "safely", it wouldn't be a particularly
beneficial choice. The time it takes to verify that it's "safe" far exceeds
the time saved by using it instead of something like fgets().
In short, while it may theoretically be the case that there exist safe calls
to gets(), there are few enough of them, and the benefit is marginal enough,
that it is perfectly reasonable to ignore the possibility. On the other hand,
unsafe calls to gets() which someone originally thought would be safe are
fairly common, and fairly risky. Conclusion: A policy of looking for safe
places to use gets(), rather than banning it entirely, creates a very large
risk of real-world buffer overflows due to programmer error or changes in
circumstances, while avoiding gets() avoids those risks.
Once you include the risks of "future changes we didn't anticipate" and
"programmer analysis incorrect", there is in fact NO way to use gets()
"safely".
-s