tags:
- article
- notes
- c
- programming
source: http://sekrit.de/webdocs/c/beginners-guide-away-from-scanf.html
created: 2024-12-14
published: 2017-06-08
...
Is there anything inherently wrong with scanf()?
No, there isn't anything inherently wrong with scanf().
What's the first rule for using scanf()?
The first rule for using scanf() is to not use scanf() unless you know exactly what you're doing.
Reading a number with scanf():
    #include <stdio.h>

    int main(void)
    {
        int a;
        printf("Enter a number: ");
        scanf("%d", &a);   /* return value is ignored: if the input is not a number, a stays uninitialized */
        printf("You entered %d.\n", a);   /* reading an uninitialized variable is undefined behavior */
    }
What happens if you just use scanf() to read a value from the user and the user enters something which doesn't match the format string?
If you just use scanf() to read a value from the user and the user enters something which doesn't match the format string, scanf() doesn't initialize the variable.
What happens if you try to access the value of an uninitialized variable in C?
If you try to access the value of an uninitialized variable in C, it causes undefined behavior.
What will a C compiler do to a program as long as it is syntactically correct?
As long as a program is syntactically correct, a C compiler will compile the program without any errors.
What does undefined behavior in C formally allow for?
Undefined behavior in C allows for anything to happen when running the program.
What does scanf() return?
scanf() returns the number of items converted successfully.
Checking whether scanf() succeeded:
    #include <stdio.h>

    int main(void)
    {
        int a;
        printf("Enter a number: ");
        /* scanf() returns the number of successful conversions; 1 means a was set */
        while (scanf("%d", &a) != 1)
        {
            /* Input was not a number, ask again.
               Note: the unparsable input is still in the stream, so this loops endlessly. */
            printf("Enter a number: ");
        }
        printf("You entered %d.\n", a);
    }
What's the second rule for using scanf()?
The second rule for using scanf() is not using it for reading input, only for parsing input.
What is the first argument of scanf()?
The first argument of scanf() is a format string which describes what scanf() should parse.
What happens if scanf() finds input it can't parse?
If scanf() finds input it can't parse, it won't read it.
What happens if you use a loop to check if scanf() has read input from the user and non-matching input is entered, and why?
If you use a loop to check if scanf() has read input from the user and non-matching input is entered, it will loop endlessly because scanf() is trying to read over the same unreadable input every time.
What should never be done to an input stream, and why?
An input stream should never be flushed, because flushing an input stream is undefined behavior.
Using scanf() to read a string:
    #include <stdio.h>

    int main(void)
    {
        char name[12];
        printf("What's your name? ");
        scanf("%s", name);   /* "%s" has no field width: a name longer than 11 characters overflows the buffer */
        printf("Hello %s!\n", name);
    }
What is your program vulnerable to if you just use scanf() to read a string with "%s" as the format string, and why?
If you just use scanf() to read a string with "%s" as the format string, your program is vulnerable to buffer overflows because scanf() doesn't know when to stop reading.
What is a buffer overflow?
A buffer overflow is a specific kind of undefined behavior resulting from a program trying to write more data to an array variable than the variable can hold.
What will a buffer overflow result in, in practice?
In practice, a buffer overflow will result in overwriting some other data which is stored after the variable in memory.
...
What is the third rule of using scanf()?
The third rule of using scanf() is to use field widths with conversions that parse to a string.
...