Disadvantages of scanf

by

Most of the answers so far seem to focus on the string buffer overflow issue. In reality, the format specifiers that can be used with scanf functions support explicit field width setting, which limit the maximum size of the input and prevent buffer overflow. This renders the popular accusations of string-buffer overflow dangers present in scanf virtually baseless. Claiming that scanf is somehow analogous to gets in the respect is completely incorrect. There’s a major qualitative difference between scanf and gets: scanf does provide the user with string-buffer-overflow-preventing features, while gets doesn’t.

One can argue that these scanf features are difficult to use, since the field width has to be embedded into format string (there’s no way to pass it through a variadic argument, as it can be done in printf). That is actually true. scanf is indeed rather poorly designed in that regard. But nevertheless any claims that scanf is somehow hopelessly broken with regard to string-buffer-overflow safety are completely bogus and usually made by lazy programmers.

The real problem with scanf has a completely different nature, even though it is also about overflow. When scanf function is used for converting decimal representations of numbers into values of arithmetic types, it provides no protection from arithmetic overflow. If overflow happens, scanf produces undefined behavior. For this reason, the only proper way to perform the conversion in C standard library is functions from strto... family.

So, to summarize the above, the problem with scanf is that it is difficult (albeit possible) to use properly and safely with string buffers. And it is impossible to use safely for arithmetic input. The latter is the real problem. The former is just an inconvenience.

P.S. The above in intended to be about the entire family of scanf functions (including also fscanf and sscanf). With scanf specifically, the obvious issue is that the very idea of using a strictly-formatted function for reading potentially interactive input is rather questionable.

More Related Contents:

  1. Reading string from input with space character? [duplicate]
  2. read comma-separated input with `scanf()`
  3. Input in C. Scanf before gets. Problem
  4. What does `scanf(“%*[^\n]%*c”)` mean?
  5. How can I scan strings with spaces in them using scanf()? [duplicate]
  6. Wrong format specifiers in scanf (or) printf
  7. How to use int16_t or int32_t with functions like scanf [duplicate]
  8. whitespace in the format string (scanf)
  9. Why my Program isnt working after providing input?
  10. How do you allow spaces to be entered using scanf?
  11. When should I use ampersand with scanf()
  12. Using “\n” in scanf() in C [duplicate]
  13. How to read string from keyboard using C?
  14. Does scanf() take ‘\n’ as input leftover from previous scanf()?
  15. difference between %ms and %s scanf
  16. Scanf won’t execute for second time
  17. Why doesn’t scanf need an ampersand for strings and also works fine in printf (in C)?
  18. scanf ignoring, infinite loop
  19. Which is the best way to get input from user in C?
  20. scanf() variable length specifier
  21. scanf not working as expected
  22. C getopt multiple value
  23. strstr not functioning
  24. Program doesn’t execute gets() after scanf(), even using fflush(stdin)
  25. If statements not working?
  26. SegFault after scanf?
  27. C programming – Loop until user inputs number scanf
  28. C For loop skips first iteration and bogus number from loop scanf
  29. scanf not working. need to read double from console
  30. Scan multiple integers without knowing the actual number of integers

Leave a Comment