scanf string in c - why can i scan more than the char[] declaration?

Question

I have a program where I need to scanf a string, which I know it will be only 2 characters long. (for example: \"ex\"). what is the proper way to do that?

I was goin

Answer 1

It works just fine, but when I enter a 10-letter word it also works just fine.

It only appears to work fine but it's actually undefined behaviour. That is because scanf stores the characters it reads from stdin into the buffer pointed to by myStr. The size of myStr is 3. Therefore, there's space for only 2 characters. One character space is saved for the terminating null byte to mark the end of the string which is added by scanf automatically. When the input string is longer than 2 characters, scanf overruns the buffer accessing memory out of the bound of the array. It is illegal to access memory out of the array bound and invokes undefined behaviour.

The next time, it may very well crash. It's unpredictable and you should always avoid it. To guard against it, you should specify maximum field width for the conversion specifier %s in the format string of scanf. It should be one less than the array size to accommodate the terminating null byte.

 char myStr[3];
 scanf("%2s", myStr);

Better still, I suggest you to use fgets.

char myStr[3];
// read and store at most one less than 
// sizeof(myStr) chars
fgets(myStr, sizeof myStr, stdin);