If someone complains about gets(), why not do the same with scanf("%s", ...)?

From man gets:

Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer security. Use fgets() instead.

Almost everywhere I see that scanf is used in a way that should have the same problem (buffer overflow): scanf("%s", string). Does this problem exist in this case? Why is there no link on the scanf man page? Why doesn't gcc warn when compiling this with -Wall?

PS: I know there is a way to specify the maximum length of a string in the format string of scanf:

char str[10];
scanf("%9s",str);

edit: I am not asking whether the previous code is correct or not. My question is: if scanf("%s", string) is always wrong, why are there no warnings, and why is there nothing about it on the manual page?

+5
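The bounded form the question alludes to (scanf("%9s", str)) is only as safe as the link between the width and the buffer size, and it silently discards the rest of an over-long word. The following added example (not code from the question or any of the answers) ties the width to the buffer length with a preprocessor macro and uses the %n conversion to detect truncation. It reads from a string with sscanf so it runs offline; the names read_name, NAME_WIDTH, NAME_FMT and the sample inputs are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Field width and buffer length kept in step: the width must be at most
 * buffer length - 1 so that the terminating NUL always fits. */
#define NAME_WIDTH 9
#define NAME_LEN   (NAME_WIDTH + 1)

/* Two-level stringification turns the numeric width into the "%9s" literal
 * at preprocessing time, instead of hand-typing it next to the buffer. */
#define STR_(x) #x
#define STR(x)  STR_(x)
#define NAME_FMT "%" STR(NAME_WIDTH) "s%n"   /* expands to "%9s%n" */

enum read_status { READ_OK, READ_EMPTY, READ_TRUNCATED };

/* Bounded equivalent of scanf("%s", name) over a string (sscanf, so it runs
 * offline): never writes more than NAME_LEN bytes, and reports when the word
 * in `line` was longer than the buffer, which a bare "%9s" silently hides. */
enum read_status read_name(const char *line, char name[NAME_LEN])
{
    int consumed = 0;  /* filled by %n: characters of `line` used so far */

    if (sscanf(line, NAME_FMT, name, &consumed) != 1) {
        name[0] = '\0';
        return READ_EMPTY;     /* only whitespace, or no input at all */
    }
    /* If the next unread character still belongs to the word, it was cut. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return READ_TRUNCATED;
    return READ_OK;
}

int main(void)
{
    /* Constructed sample inputs, not data from the original page. */
    const char *samples[] = { "alice", "  bob smith", "verylongusername", "   " };
    char name[NAME_LEN];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum read_status st = read_name(samples[i], name);
        printf("%-18s -> status %d, name \"%s\"\n", samples[i], st, name);
    }
    return 0;
}
```

Reporting READ_TRUNCATED matters in practice: if the caller ignores it, the remainder of the over-long word stays in the input stream and is parsed as the next token, which is the usual way a width-limited scanf turns an overflow into a logic bug.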
5 answers

The answer is that no one wrote code in GCC to receive this warning.

As you noted, a warning for the specific case of "%s" (without a field width) would be quite appropriate.

, scanf(), vscanf(), fscanf() vfscanf(). sscanf() vsscanf(), . , "scanf-style-format-string"; "fscanf-style-format-string" "sscanf-style-format-string".

, GCC, (, , glibc).

+5

gets() . scanf() , . , , , (, scanf() , , - , ); , , .

+4

scanf, ! , . , GCC, , . , , , C. , , :

#include <stdio.h>
#include <stdlib.h>

char* str;
size_t size;
scanf("%zu", &size);   /* the buffer size is only known at run time */
str = malloc(size);
scanf("%9s", str);     // how can the compiler determine if this is a safe call?!

, scanf, . gets .

+3
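To make the point of the answer above concrete, here is an added example (not the answerer's code) in which the width itself is only known at run time, so no static format check can relate it to the buffer. The format string is built with snprintf from a size read from the input; the function read_sized_word, the MAX_WORD_CAP limit and the sample inputs are constructed for this example, and sscanf over a string is used so that it runs offline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on a caller-supplied size, so an untrusted "size" field cannot
 * drive malloc to an absurd allocation (constructed limit for this example). */
#define MAX_WORD_CAP 4096

/* Parse "<size> <word>" from `input`: allocate `size` bytes, then read the
 * word with a field width derived at run time from that size. Returns a
 * malloc'd string the caller frees, or NULL on a bad size or missing word.
 * The width lives in a format string built by snprintf, which is exactly
 * what a compile-time format check cannot see through. */
char *read_sized_word(const char *input, size_t *out_cap)
{
    size_t cap = 0;
    int consumed = 0;  /* filled by %n: characters used by the size field */
    char fmt[32];

    /* Need at least one byte of data plus the terminating NUL. */
    if (sscanf(input, "%zu%n", &cap, &consumed) != 1 || cap < 2 || cap > MAX_WORD_CAP)
        return NULL;

    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;

    /* e.g. cap == 5 gives "%4s": at most 4 characters plus the NUL. */
    snprintf(fmt, sizeof fmt, "%%%zus", cap - 1);
    if (sscanf(input + consumed, fmt, buf) != 1) {
        free(buf);
        return NULL;
    }
    if (out_cap != NULL)
        *out_cap = cap;
    return buf;
}

int main(void)
{
    /* Constructed inputs, not from the original page. */
    const char *samples[] = { "5 abcdefgh", "4 hi", "0 abc", "8" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t cap = 0;
        char *w = read_sized_word(samples[i], &cap);
        if (w != NULL) {
            printf("\"%s\" -> cap %zu, word \"%s\"\n", samples[i], cap, w);
            free(w);
        } else {
            printf("\"%s\" -> rejected\n", samples[i]);
        }
    }
    return 0;
}
```

Because the width is computed from the same variable that sized the allocation, the read cannot overrun the buffer; the compiler still cannot prove that, which is why the burden stays with the programmer rather than with -Wall.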

It may simply be that scanf allocates space on the heap depending on how much data is being read. Since it does not allocate a buffer and then read until a null character is read, it does not run the risk of overwriting the buffer. Instead, it reads into its own buffer until a null character is found, and presumably copies this buffer into another one of the right size at the end of reading.

-4
