Thread: Should I check the return value of sscanf in this instance

  1. #1
    Registered User
    Join Date
    May 2015
    Posts
    228

    Should I check the return value of sscanf in this instance

    Suppose I had validated the input for buffer overflow or underflow and had made sure that the input was in the correct format that I was expecting it to be. Now it is time to retrieve the information and I'm using sscanf because it is easier and I want to send parts of a string to different variables. In that instance, would it then be ok to not check the return value of sscanf or would it still be good practice to check the return value of it. This kind of issue is something I've seen people discuss in regards to whether you should use a default case on a switch if you have covered all instances.

  2. #2
    Programming Wraith GReaper's Avatar
    Join Date
    Apr 2009
    Location
    Greece
    Posts
    2,728
    Of course it's good to check the return value of sscanf. I mean, are you absolutely sure that the string you're passing to it is 100% correct/expected every time?
    Devoted my life to programming...

  3. #3
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,612
    I'd probably check sscanf() because I am used to doing so, and because I cannot count the number of times I thought I got validation right, only to have sscanf() fail.

  4. #4
    Registered User
    Join Date
    May 2015
    Posts
    228
    Thanks for the response guys. I would say that I'm very much 100 percent sure GReaper but who knows. Something might slip through.

  5. #5
    Registered User
    Join Date
    May 2015
    Posts
    228
    Just out of curiosity, how would you guys answer to my switch statement. Say for example you were using a switch statement to check if the user entered on the keyboard w, a, s, or d. Many people say by the default that you should always have a default case in a switch statement so you can use it for error checking or to show that you have covered all instances. In this example, would you really type out default: // Do nothing Personally I wouldn't because I see it as code that is not going to run(or least should not).

  6. #6
    Registered User
    Join Date
    Jun 2011
    Posts
    4,509
    There are good arguments for both schools of thought - either always including a default case for a "switch()", or only including a default case when it's deemed necessary.

    I personally always include a default case, as I prefer to code defensively. Always including a default case removes some of the subjectivity of choice, as well - it might not always be equally clear to different people when a default case is "deemed necessary". Another consideration is when code is to be modified - while one may be certain at the time of writing that unexpected cases can never occur, that code (or other code that depends on that code) may be modified later on, where this certainty (whether through intentional change or a bug) no longer holds true.

    Side note: MISRA mandates that every "switch()" have a default case.

  7. #7
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,398
    You shouldn't validate data in more than one place. There are several problems with doing it.

    1. Dead code. If the code is validated at Point A and also at Point B, then it is possible Point B will never be reached if the data was found to be invalid at Point A. This will cause Point B to not be tested as well. Validation code is one of the most important types of code to test.

    2. Mismatch. The validation carried out at Point A is a little different from that at Point B, so that the two validators disagree on the same input. This is like having two watches on your wrist. You do not know what time it is.

    3. Drift. Even if Point A and Point B agree, they may not always do so. During maintenance you may adjust Point A and forget to adjust Point B, or vice versa.

    3. Laziness. You tell yourself "I may have not done the right thing at Point A, so let's be careful when we get to Point B." But if you suspect problems at Point A, you should fix Point A, and TEST it.

    Bottom line, if you believe the string is in the correct format at this point, call sscanf() and ignore the return code.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Return value of sscanf
    By dendeer82 in forum C Programming
    Replies: 7
    Last Post: 09-16-2012, 06:54 PM
  2. Replies: 4
    Last Post: 09-14-2012, 01:51 PM
  3. Check the return status of scanf
    By Taka in forum C Programming
    Replies: 10
    Last Post: 11-01-2006, 06:27 AM
  4. Remote Method return object instance?
    By BigDaddyDrew in forum C# Programming
    Replies: 0
    Last Post: 07-20-2004, 11:19 AM
  5. Check the new operator's return value?
    By John.H in forum C++ Programming
    Replies: 2
    Last Post: 04-17-2003, 09:37 AM