{"id":2812,"date":"2017-11-18T00:01:13","date_gmt":"2017-11-18T08:01:13","guid":{"rendered":"http:\/\/c-for-dummies.com\/blog\/?p=2812"},"modified":"2017-11-11T10:14:19","modified_gmt":"2017-11-11T18:14:19","slug":"safe-coding-practices-scanf","status":"publish","type":"post","link":"https:\/\/c-for-dummies.com\/blog\/?p=2812","title":{"rendered":"Safe Coding Practices &#8211; <em>scanf()<\/em>"},"content":{"rendered":"<p>When it was <a href=\"http:\/\/c-for-dummies.com\/blog\/?p=2797\">pointed out to me<\/a> that using the <em>scanf()<\/em> functions in my online teaching material was an &#8220;unsafe coding practice,&#8221; I thought, &#8220;Well, duh!&#8221; I&#8217;ve never been a fan of <em>scanf()<\/em>; it&#8217;s an ugly function.<br \/>\n<!--more--><br \/>\nI recall when I first learned to code. The <em>scanf()<\/em> function frustrated me. In fact, one of the first functions I coded in C, one that I used over and over, is my own <em>input()<\/em> function to read a string of text; I&#8217;ve never used <em>scanf()<\/em> beyond my books or courses.<\/p>\n<p>Here is what I wrote in a <a href=\"http:\/\/c-for-dummies.com\/blog\/?p=2183\">blog post<\/a> in October 2016:<\/p>\n<blockquote><p>I\u2019m not a fan of the <em>scanf()<\/em> function, despite how handy it can be. It\u2019s a great teaching tool, but for a program that accepts string input, you need to use <em>fgets()<\/em> instead.<\/p><\/blockquote>\n<p>The post from April 2014 is titled &#8220;<a href=\"http:\/\/c-for-dummies.com\/blog\/?p=646\"><em>scanf()<\/em> the Bastard<\/a>.&#8221;<\/p>\n<p>Yes, I have no love for the function, but how specifically is it an &#8220;unsafe&#8221; programming practice? The issue raised was that it&#8217;s not suited for numeric input. 
That&#8217;s one useful feature <em>scanf()<\/em> has, especially when writing a program to teach C; it replaces a bunch of other functions required to convert string input to a numeric value.<\/p>\n<p>The issue raised is the &#8220;undefined behavior&#8221; of <em>scanf()<\/em>, specifically when input isn&#8217;t what&#8217;s requested. I mention this vulnerability in my teachings: You must trust that the user types the input requested or the code goes bonkers, especially for numeric input.<\/p>\n<pre class=\"screen\">\r\n#include &lt;stdio.h&gt;\r\n\r\nint main()\r\n{\r\n    float balance;\r\n\r\n    printf(\"Enter your bank balance: \");\r\n    scanf(\"%f\",&amp;balance);\r\n    printf(\"Half your balance is %.2f\\n\",\r\n            balance\/2);\r\n\r\n    return(0);\r\n}<\/pre>\n<p>If you run this code and type a value, it works. Type a string as input and you see:<\/p>\n<p><code>Enter your bank balance: none of your business<br \/>\nHalf your balance is 0.00<\/code><\/p>\n<p>If you type <strong>NAN<\/strong>, you get:<\/p>\n<p><code>Enter your bank balance: NAN<br \/>\nHalf your balance is nan<\/code><\/p>\n<p>The value <code>NAN<\/code> is numeric code for &#8220;not a number&#8221;; <code>INF<\/code> is code for &#8220;infinity.&#8221; These are both &#8220;values&#8221; interpreted by the C program. <code>NAN<\/code> can also be output, for example, when you try to obtain the square root of a negative value.<\/p>\n<p>The <em>fscanf()<\/em> function, which reads values from a file, also suffers from the same flaws as <em>scanf()<\/em>. Yet, as a teaching tool, I believe using the function is okay. For code released to the wild, don&#8217;t use <em>fscanf()<\/em>, either.<\/p>\n<p>These issues are important, and I believe I fully address them in my courses. 
For details on the Software Engineering Institute&#8217;s concerns regarding various <em>scanf()<\/em> weaknesses, <a href=\"https:\/\/www.securecoding.cert.org\/confluence\/display\/c\/INT05-C.+Do+not+use+input+functions+to+convert+character+data+if+they+cannot+handle+all+possible+inputs\" rel=\"noopener\" target=\"_blank\">click here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just don&#8217;t ever use this function in any code you plan on releasing into the wild. <a href=\"https:\/\/c-for-dummies.com\/blog\/?p=2812\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-2812","post","type-post","status-publish","format-standard","hentry","category-main"],"_links":{"self":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2812"}],"version-history":[{"count":7,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2812\/revisions"}],"predecessor-version":[{"id":2832,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2812\/revisions\/2832"}],"wp:attachment":[{"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2
Fwp%2Fv2%2Fcategories&post=2812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c-for-dummies.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}