scanf is dangerous, but what is the reason?

We all know scanf / fscanf / sscanf is dangerous. But why? what is the exact reason?

asked Jan 21, 2013 by anonymous
edited Mar 11, 2013

1 Answer

 
Best answer

I thought the '%s' is a problem that causes buffer overflow and 'fgets' is a better solution. But is it the exact reason?

I pased a discussion by AndreyT and his discussion helps me figure it out:

Claiming that scanf is somehow analogous to gets in the respect is
completely incorrect. There's a major qualitative difference between
scanf and gets: scanf does provide the user with
string-buffer-overflow-preventing features, while gets doesn't.

the problem with scanf is that it is difficult (albeit possible) to
use properly and safely with string buffers. And it is impossible to
use safely for arithmetic input. The latter is the real problem. The
former is just an inconvenience.

More details are here: http://stackoverflow.com/questions/2430303/disadvantages-of-scanf#answer-2430978

answered Jan 21, 2013 by anonymous

Please log in or register to answer this question.

Related questions

Copyright © SysTutorials. User contributions licensed under cc-wiki with attribution required.
Hosted on Dreamhost

...