Disadvantages of scanf

傲寒 2020-11-22 00:34

I want to know the disadvantages of scanf().

In many sites, I have read that using scanf might cause buffer overflows. What is the reason f

9 answers
  •  挽巷 (original poster)
    2020-11-22 01:09

    Yes, you are right. There is a major security flaw in the scanf family (scanf, sscanf, fscanf, etc.), especially when reading a string, because they don't take the length of the buffer (into which they are reading) into account.

    Example:

    char buf[3];
    sscanf("abcdef","%s",buf);
    

    Clearly the buffer buf can hold MAX 3 char. But the sscanf will try to put "abcdef" into it, causing buffer overflow.
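
A bounded form of the call in the answer above, as an added example that is not part of the original post: a field width in the conversion (%2s for a 3-byte buffer) caps what sscanf stores, and %n is used to detect that the token was cut short. WORD_MAX, STR and scan_word are names chosen for this example, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>

#define WORD_MAX 2                 /* max characters, excluding the NUL */
#define STR_(x) #x
#define STR(x) STR_(x)             /* expands WORD_MAX, then stringifies it */

/* Bounded form of sscanf(input, "%s", buf) for a buffer of WORD_MAX + 1 bytes.
 * Returns 0 if the whole token fit, 1 if it was cut short, -1 if no token. */
int scan_word(const char *input, char buf[WORD_MAX + 1])
{
    int consumed = 0;

    buf[0] = '\0';
    /* "%2s" stores at most 2 characters plus the terminating NUL;
     * %n reports how many input bytes have been consumed so far. */
    if (sscanf(input, "%" STR(WORD_MAX) "s%n", buf, &consumed) != 1)
        return -1;

    /* If the next unread byte is neither whitespace nor end of input,
     * the token was longer than the buffer and has been truncated. */
    unsigned char next = (unsigned char)input[consumed];
    return (next != '\0' && !isspace(next)) ? 1 : 0;
}

int main(void)
{
    char buf[WORD_MAX + 1];        /* same size as buf[3] in the answer */
    const char *samples[] = { "abcdef", "hi", "  x y", "" };  /* constructed */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = scan_word(samples[i], buf);
        printf("input=\"%s\" rc=%d buf=\"%s\"\n", samples[i], rc, buf);
    }
    return 0;
}
```

The width must be a literal in the format string, which is why the macro pair stringifies WORD_MAX; the buffer is declared from the same constant so the two cannot drift apart.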
