by pjmlp 2107 days ago
And has never been updated ever since. Latest standard revision is ISO C17.

Thank god. I’d hate to see the book grow to a thousand pages.

On the other side it is full of outdated information and examples that lead to unsafe C code, not much to be happy about.

Name one from the second edition? I found the book’s examples to be fairly timeless.

It is 2000 km away from where I live.

Not going to buy another copy just to make someone happy on the Internet.

But still, most examples don't do proper error correction, don't teach about the use of bounds-checked strings and vectors, and if I remember correctly there are examples with gets().

I hear there are PDFs floating around on the internet, not that I would know anything about this of course ;)

My copy has no examples that use gets, although it is mentioned and I would agree that any such mention without a disclaimer that the function is impossible to use safely is a defect. Error handling, however, is generally present (or left out for brevity and noted). The functions in the standard for dealing with bounds checks are a new addition to the standard and a pox on the language regardless so it's not the best example of something new that the book should cover.

For those that care about security in C, even those functions are not the way to go, rather something like https://github.com/antirez/sds.

This is something that the book fails to teach, as it also has no mention of modern static analyser practices, naturally given the book's age.

So at the end we get yet another C newbie writing future CVEs.
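
An added example, not from the thread or from the book: a bounded replacement for the gets() pattern discussed above, where the caller passes the buffer capacity and truncation, end of input and read errors are reported separately. The function name, status codes and sample input are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Status codes (names are hypothetical, chosen for this example). */
enum rl_status { RL_OK, RL_EOF, RL_TRUNCATED, RL_ERROR };

/*
 * Read one line from `in` into buf[cap] without ever writing past the buffer.
 * Unlike gets(), the capacity is an explicit argument. The newline is stripped.
 * An over-long line is cut to cap-1 bytes and the rest of it is discarded, so
 * the next call starts on a fresh line; the caller is told via RL_TRUNCATED.
 */
enum rl_status read_line(FILE *in, char *buf, size_t cap)
{
    if (in == NULL || buf == NULL || cap < 2 || cap > INT_MAX)
        return RL_ERROR;
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return ferror(in) ? RL_ERROR : RL_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return RL_OK;
    }
    /* No newline stored: unterminated last line, exact fit, or truncation. */
    int c = fgetc(in);
    if (c == EOF)
        return ferror(in) ? RL_ERROR : RL_OK;
    if (c == '\n')
        return RL_OK;               /* line was exactly cap-1 bytes long */
    while (c != '\n' && c != EOF)   /* drop the remainder of the long line */
        c = fgetc(in);
    return RL_TRUNCATED;
}

int main(void)
{
    /* Constructed input: a short line, an over-long line, an unterminated one. */
    FILE *f = tmpfile();
    if (f == NULL) { perror("tmpfile"); return 1; }
    fputs("short\nthis line is far too long for the buffer\nlast", f);
    rewind(f);
    char buf[8];
    enum rl_status st;
    while ((st = read_line(f, buf, sizeof buf)) != RL_EOF && st != RL_ERROR)
        printf("%-9s \"%s\"\n", st == RL_TRUNCATED ? "truncated" : "ok", buf);
    fclose(f);
    return st == RL_ERROR;
}
```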