scanf() scanset

Quote:

---

Originally Posted by Noir

I don't see how that relates to this. scanf() is portable, and when I use it appropriately it always works.

---

The "works for me" mentality is one that you need to lose. Case in point:

Code:

---

#include <stdio.h>

int main(void)
{
        int iScanRet;
        char szSSN[15];
       
        printf("Enter a SSN number: ");
        fflush(stdout);
        iScanRet = scanf("%[0123456789]",szSSN);
       
        printf("iScanRet = %d\n",iScanRet);
        printf("szSSN = %s\n",szSSN);
       
        return 0;
}

---

Sample I/O:

Code:

---

Enter a SSN number: 123456789123456789
iScanRet = 1
szSSN = 123456789123456☺

---

As you can see, scanf() allowed me to overflow the buffer, yet it also signified success. Do you see the major problem with using scanf() to read strings? It's the same problem with using gets().

Overflowing a buffer should never be possible in a program that you write if you can help it. In this case, you can definitely help it.

Quote:

---

Originally Posted by Noir

Now you're just making things up. I'm not talking about how "wonderful" anything is. I'm talking about how scanf() is just as good of an option in this case as fgets(). Just a little while ago I was doing the same thing with gets() in that case. What I don't like is that you guys completely ignore valid solutions that aren't in vogue because of personal preference, and then you jump me for even mentioning them.

---

Debating about insecure code should not be about preference. Reading strings using scanf() in the way that you are advocating is unsafe. Using gets() is unsafe. Using fgets() is safe.

You need to understand the difference between safe and unsafe. If you choose to use unsafe methods in your own code, that's your business although I will still say you should not do it. Do not use unsafe methods in commercial code or code that I or others should have to rely upon to be safe. You should always write portable code that is safe.

You do realize that changing the scanf() to the following makes it secure, right?

Code:

---

        iScanRet = scanf("%14[0123456789]",szSSN);

---

It still doesn't tell you whether or not their input was correct, but at least you can't overrun the buffer anymore.

scanf() is safe if you use it correctly. gets() is unsafe no matter what. Don't confuse the two.

Quote:

---

Do you see the major problem with using scanf() to read strings?

---

Not really, because you used scanf() wrong. :D If you put in a field width the buffer overflow isn't possible. But your code is broken anyway because of that because a social security number is 9 digits and you allow up to 15. This works correctly and your example bug goes away.

Code:

---

iScanRet = scanf("%9[0123456789]",szSSN);

---

Quote:

---

You need to understand the difference between safe and unsafe.

---

Sorry, but you need to learn how to use something before declaring it safe or unsafe.

Quote:

---

Originally Posted by Noir

Not really, because you used scanf() wrong. :D If you put in a field width the buffer overflow isn't possible. But your code is broken anyway because of that because a social security number is 9 digits and you allow up to 15.

---

Funny how you point this out only when I demonstrate how scanf() is unsafe in the manner that you said was OK to use it.

Quote:

---

Originally Posted by Noir

Sorry, but you need to learn how to use something before declaring it safe or unsafe.

---

scanf() is unsafe is many of its forms. The kind that you said was OK for the OP's purpose was unsafe, but you kept on arguing how you knew for sure that the data was formatted the exact way that it needed to be. I proved my point. His program can be broken quite easily. You neglected to inform him that it was not safe in that form, and instead argued with me over the proper way of doing it, although he was in fact overflowing his buffer anyway:

Code:

---

#define PSIZE 9

...

int main (void)
{
    char FIRST[NSIZE + 1], LAST[NSIZE + 1];
    //int SSN[PSIZE + 1], ps;
    int ps, pr;
char SSN[PSIZE];
    printf("first name?");
    scanf("%15s",FIRST);
    printf("Last name?");
    scanf("%15s",LAST);
    printf("Social Security?");
    scanf("%[0123456789]",SSN);
    printf("%s",SSN);

}

---

Writing 9 chars into a 9-char string... so much for '\0'. :rolleyes:

Quote:

---

Originally Posted by itsme86

You do realize that changing the scanf() to the following makes it secure, right?

Code:

---

        iScanRet = scanf("%14[0123456789]",szSSN);

---

It still doesn't tell you whether or not their input was correct, but at least you can't overrun the buffer anymore.

scanf() is safe if you use it correctly. gets() is unsafe no matter what. Don't confuse the two.

---

scanf() is a poor choice to read strings for multiple reasons. My point in bringing out that scanf() could be unsafe is that while Noir has some kind of hatred for fgets() for whatever reason, he's willing to tell others that using gets() or scanf() without safe format specifiers is just as valid as fgets() when that is clearly not the case.

All in all, Noir's attitude boils down to "works for me", and we are all aware of that being a wrong one to have.

Quote:

---

Funny how you point this out only when I demonstrate how scanf() is unsafe in the manner that you said was OK to use it.

---

I missed that in my example because the question was about stream garbage, not buffer overflows and scanf() safety. It's kind of hypocritical of you to think that I can't make a mistake when you just made the same one. But you were focusing on safety with your example and I didn't even consider it when I pasted bradleyd's code and added a single space to answer the question he asked. If I thought that someone would be a jerk about it I would have rewritten the program completely to be completely safe while answering the unrelated question.

Quote:

---

I proved my point.

---

Yeah, but not the way you meant to. You proved that scanf() is hard to use safely by using it wrong. I'll concede that point. :D

Quote:

---

You neglected to inform him that it was not safe in that form, and instead argued with me over the proper way of doing it

---

I didn't pay enough attention to safety when I answered his question, and now that we're looking at safety closely and you made a mistake, you use that as a weapon against me. Very mature of you. Sorry, but I'm done with you if you're going to be childish.

Quote:

---

he's willing to tell others that using gets() or scanf() without safe format specifiers is just as valid as fgets() when that is clearly not the case.

---

Find two places in this thread where I posted code for scanf() without a field width and I'll let that comment slide. But if you're basing your entire argument of my "works for me" attitude on a simple oversight, you have no argument.

missed the posts on how bad scanf is, will go back and look Brewbuck.

I'm not sure why you think I made a mistake. I was aware someone was most likely going to post that scanf() could be used safely with strings. What I was pointing out was that scanf() is not inherently safe, especially in the way that you used it. As I said in my post:

Quote:

---

Originally Posted by MacGyver

Debating about insecure code should not be about preference. Reading strings using scanf() in the way that you are advocating is unsafe. Using gets() is unsafe. Using fgets() is safe.

---

Bold addition mine. :rolleyes:

On more than one occasion you have come across with a "works for me" attitude. Once was where you explicitly stated that gets() was fine because it worked in the manner that you used it. You also were advocating that it would be fine for the OP's purpose at that time.

The other occasion would be now where you are stating that since scanf() works for you, it's just as valid as other methods. Again, you were advocating it would be fine for the OP's purpose.

All you are serving to do is encourage people to use functions they are taught without learning the alternatives. If they are ever called upon to write software that requires safe code and aggressive error checking, I certainly hope they've moved past gets() and the like.