Reputation:
Am I using scanf incorrectly?
Each line of input is a line with a command followed by numbers (except in the exit case).
I cannot figure out what I am doing wrong. This segment is looking for the store command and then does the action store entails:
char command[20];
while(strcmp(command, "exit") != 0)
{
/*scans for command strings inputted*/
scanf(" %s", command);
/* handles store command*/
if(strcmp(command, "store") == 0)
{
memory[0] = 1;
scanf("%d %d %d %d %d", &startx, &starty, &finishx, &finishy, &number);
for( i = startx; i < finishx; i++)
{
for(j = starty; j < finishy; j++)
{
square[i][j] = number;
}
}
}
}
Upvotes: 2
Views: 1270
Answers (1)
Reputation: 882596
Yes, you are using it wrongly(a). The line:
scanf(" %s", command);
has no bounds checking on the input. If someone enters more than 19 characters into your program, it will overflow the char command[20] and result in undefined behaviour.
The two major problems with scanf are:
- using it with an unbounded
%ssince there's no way to control how much data is entered. My favourite saying is thatscanfis to scan formatted information and there's not much less formatted than user input. - not checking how many items were scanned - it's possible to scan less than you expected.
If you want to do it right, see here. It uses fgets to get a line, protecting from buffer overflows and detecting problems.
Once you have the line as a string, you can safely sscanf it to your heart's content, since you know the upper bound on the length and you can always return to the start of the string to re-scan (not something easy to do with an input stream).
Other problems with your code include:
- The initial
strcmpon an uninitialised buffer. It could actually be (arbitrarily) set toexitwhich would cause your loop not too start. More likely is that it's not a valid C string at all, meaningstrcmpwill run off the end of the buffer. That won't necessarily end well. - No checking that all your numeric items were entered correctly. You do that by checking the return value from
scanf(orsscanfshould you follow my advice on using the rock-solid input function linked to here) - it should be five but entering1 hello 2 3 4would result in a return code of one (and all butstartxunchanged). - No range checking on input. Since
squarehas limited dimensions, you should check the inputs to ensure you don't write outside of the array. That's both numbers that are too large and negative numbers.
(a) Syntactically, what you have is correct. However, from a actual semantic point of view (i.e., what you mean to happen vs. what may happen), there's a hole in your code large enough to fly an Airbus A380 through :-)
Upvotes: 9
Related Questions
- Why is my scanf function getting skipped?
- I can't seem to figure out why scanf in my code is acting so weird
- Why would this scanf() statement not work?
- Issue with scanf() function in c?
- What is wrong with this scanf usage?
- Issue with scanf() in C
- scanf not working as expected
- Scanf seems to be working incorrectly, or I am doing something wrong
- scanf() not working properly?
- Having trouble with the scanf() function