What is a major risk when using gets function in C?
Question
What is a major risk when using gets function in C?
Solution
The major risk when using the gets function in C is the potential for buffer overflow. This occurs because the gets function does not check the array bounds, meaning it does not prevent you from inputting more data than the array can hold.
Here's a step-by-step explanation:
- When you use the gets function, it reads input from the user until it encounters a newline character or end-of-file.
- The function then stores this input in the array you've specified.
- However, the gets function does not check whether the array has enough space to store all the input.
- If the user inputs more data than the array can hold, the excess data will overflow into adjacent memory.
- This overflow can overwrite other data in your program, causing it to behave unpredictably or crash.
- In the worst case, a malicious user could use this overflow to inject harmful code into your program, a common hacking technique known as a buffer overflow attack.
For these reasons, many modern C compilers, including GCC, will issue a warning if you try to use the gets function, and it has been removed from the latest version of the C standard. It's generally recommended to use safer alternatives like fgets or getline instead.
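The unchecked read described in the steps above, next to a bounded replacement built on fgets, as an added example that is not part of the original answer. The names read_line, sample_input and the LINE_* codes are hypothetical, and the input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
/* Unsafe pattern from the text, kept as a comment because C11 and later
 * headers no longer declare gets:   char name[8]; gets(name);
 * gets takes no size, so long input runs past name[7]. */

enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Hypothetical helper: read one line into buf[size] without writing past
 * it. Strips the newline and discards the tail of an overlong line so the
 * next call starts on a fresh line. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || size > INT_MAX) return LINE_EOF;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline stored: the line was too long, or input ended here. */
    int c, dropped = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input in a temporary file, so the demo runs offline. */
FILE *sample_input(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    char name[8];
    int rc;
    FILE *in = sample_input("AAAAAAAAAAAAAAAAAAAA\nbob\n");
    if (in == NULL) return 1;
    while ((rc = read_line(in, name, sizeof name)) != LINE_EOF)
        printf("%d \"%s\"\n", rc, name);
    fclose(in);
    return 0;
}
```

A caller should treat LINE_TRUNCATED as rejected input rather than silently using the shortened value.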