Some forms of formatted input can cause buffer overflow and should not be used.
Care must be taken on formatted input to avoid buffer overflow. In particular, the "%s" input format is inherently unsafe. A better alternative is "%ddds" or "%*s", where ddd is the size of the destination buffer, for example "%24s". If the buffer size is not a compile-time constant, then "%*s" can be used, where "*" obtains the maximum size from the next input argument, for example scanf("%*s", sizeof(buffer), buffer);
ID | Observation | Description
---|---|---
1 | Format mismatch | The unsafe formatted input statement shown below.

```c
#include <stdio.h>

char buffer[1024];

int main(int argc, char **argv)
{
    scanf("%s", buffer);   // unsafe: could overflow buffer
    // better is scanf("%*s", sizeof(buffer), buffer);
    printf("read %s\n", buffer);
    return 0;
}
```
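The following C code is an added example, not part of the original guideline; it bounds a %s conversion by splicing a width into the format string (at compile time via stringification, at run time via snprintf), using a width one less than the buffer size so the terminating NUL fits. It builds the format string rather than relying on "%*s" because, in the scanf family, `*` is the assignment-suppression flag and does not take a width from an argument the way printf's `*` does.

```c
#include <stdio.h>
#include <string.h>

/* Stringify a literal width so it can be spliced into the format string:
 * with BUF_WIDTH 23 the format becomes "%23s". The width must be a plain
 * literal, because STR() stringifies the token, not an arithmetic result. */
#define STR2(x) #x
#define STR(x) STR2(x)
#define BUF_SIZE 24
#define BUF_WIDTH 23   /* BUF_SIZE - 1: one byte reserved for the NUL */

/* Bounded token read when the buffer size is a compile-time constant.
 * Returns the number of characters stored, or -1 if no token was found. */
int read_token_fixed(const char *input, char dst[BUF_SIZE])
{
    dst[0] = '\0';
    if (sscanf(input, "%" STR(BUF_WIDTH) "s", dst) != 1)
        return -1;
    return (int)strlen(dst);
}

/* Bounded token read when the buffer size is only known at run time: the
 * width (dst_size - 1) is baked into a small format string with snprintf. */
int read_token_bounded(const char *input, char *dst, size_t dst_size)
{
    char fmt[32];

    if (dst_size < 2)           /* no room for even one char plus the NUL */
        return -1;
    dst[0] = '\0';
    snprintf(fmt, sizeof fmt, "%%%zus", dst_size - 1);   /* e.g. "%15s" */
    if (sscanf(input, fmt, dst) != 1)
        return -1;
    return (int)strlen(dst);
}

int main(void)
{
    /* constructed input: a 40-character token, longer than either buffer */
    const char *long_token = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";
    char fixed[BUF_SIZE];
    char dynamic[16];

    printf("fixed:   %d chars -> \"%s\"\n", read_token_fixed(long_token, fixed), fixed);
    printf("dynamic: %d chars -> \"%s\"\n",
           read_token_bounded(long_token, dynamic, sizeof dynamic), dynamic);
    return 0;
}
```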
Copyright © 2010, Intel Corporation. All rights reserved.