scanf中%(limit)[^ \ n]的行为是什么?从溢出安全吗? [英] What is the behavior of %(limit)[^\n] in scanf ? It is safety from overflow?
问题描述
用于 scanf 函数的%(limit)[^ \ n] 格式不安全吗?(其中(限制)是字符串的长度-1)
The format %(limit)[^\n] for scanf function is unsafe ? (where (limit) is the length -1 of the string)
如果不安全,为什么?
有一种安全的方法来实现仅使用scanf()即可捕获字符串的函数?
And there is a safe way to implement a function that catch strings just using scanf() ?
在Linux程序员手册上(在终端上键入man scanf), s 格式表示:
On Linux Programmer's Manual, (typing man scanf on terminal), the s format said:
匹配一系列非空格字符;下一个指针必须是指向字符数组的指针,该指针必须足够长以容纳输入序列和终止的空字节('\ 0'),该字符会自动添加.输入字符串停在空格或最大字段宽度(以先出现者为准).
Matches a sequence of non-white-space characters; the next pointer must be a pointer to character array that is long enough to hold the input sequence and the terminating null byte ('\0'),which is added automatically. The input string stops at white space or at the maximum field width, whichever occurs first.
输入字符串总是在最大字段宽度处停止吗?或者只是在海湾合作委员会(GCC)上?
The input string stops at maximum field width always ? Or is just on GCC ?
谢谢.
推荐答案
%(limit)[^ \ n] for scanf"通常是安全的.
%(limit)[^\n] for scanf" is usually safe.
在下面的示例中,将最多读取 个99个 char 并将其保存到 buf 中.如果保存了任何 char ,则会附加一个'\ 0',而 cnt 将为1.
In the below example, at most 99 char will be read and saved into buf. If any char are saved, a '\0' will be appended and cnt will be 1.
char buf[100];
int cnt = scanf("%99[^\n]", buf);
此功能当然是安全,但是其他功能呢?
This functionality is certainly safe, but what about others?
当输入是一个单独的"\ n" 时,会出现问题.
Problems occur when the input is a lone "\n".
在这种情况下,没有任何内容保存在 buf 中,并返回0.如果下一行代码如下,则输出为未定义行为为 buf 未初始化为任何内容.
In this case, nothing is saved in buf and 0 is returned. Had the next line of code been the following, the output is Undefined Behavior as buf is not initialized to anything.
puts(buf);
下面的更好的一行是
if (cnt == 1) puts(buf);
else printf("Return count = %d\n", cnt);
出现问题,因为未使用'\ n'.
Problems because the '\n' was not consumed.
'\ n'仍在等待读取,并且对 scanf(%99 [^ \ n]",buf); 的另一个调用不会读取'\ n'.
The '\n' is still waiting to be read and another call to scanf("%99[^\n]", buf); will not read the '\n'.
Q:是一种仅使用scanf()实现捕获字符串的函数的安全方法.
答:徒劳的:不容易.
Q: is a safe way to implement a function that catch strings just using scanf()
A: Pedantically: Not easily.
scanf(), fgets()等最适合用于读取 text ,而不是字符串.在C中,字符串是一个以'\ 0'结尾的 char 数组.通过 scanf(), fgets()等输入的内容通常在读取'\ 0'和 char 时会遇到问题代码>始终不在输入中.通常认为输入是由'\ n'或其他空格终止的 char 组.
scanf(), fgets(), etc. are best used for reading text, not strings. In C a string is an array of char terminated with a '\0'. Input via scanf(), fgets(), etc. typically have issues reading '\0' and typically that char is not in the input anyways. Usually input is thought of as groups of char terminated by '\n' or other white-space.
如果代码正在读取以'\ n'终止的输入,则使用 fgets()效果很好并且可移植. fgets()也有它的弱点,可以通过多种方式来处理. getline()是一个不错的选择.
If code is reading input terminated with '\n', using fgets() works well and is portable. fgets() too has it weakness that are handled in various ways . getline() is a nice alternative.
一个近似的近似值是 scanf(%99 [^ \ n]",buf)(请注意添加的" ),但是单独解决不了处理过多的长行,读取多条空行,嵌入的'\ 0'检测,报告报告读取长度的能力( strlen()由于嵌入的'\ 0'),并将尾随的'\ n '保留在 stdin 中.
A close approximate would be scanf(" %99[^\n]", buf) (note the added " "), but alone that does not solve handing excessive long lines, reading multiple empty lines, embedded '\0' detection, loss of ability to report length read (strlen() does not work due to embedded '\0') and its leaving the trailing '\n' in stdin.
使用 scanf(%c",& ch)和大量周围的代码(这很愚蠢,只需使用 fgetc())的简短操作,我看到了读取一行用户输入时,绝对无法绝对安全地使用单个 scanf().
Short of using scanf("%c", &ch) with lots of surrounding code (which is silly, just use fgetc()) , I see no way to use a single scanf() absolutely safely when reading a line of user input.
Q:输入字符串总是在最大字段宽度处停止吗?
答:当遇到'\ n'时,使用 scanf(%99 [^ \ n]" ,输入停止1)-'\ n'未保存并保留在文件输入缓冲区中2)读取了99个
Q: The input string stops at maximum field width always ?
A: With scanf("%99[^\n]", input stops 1) when a '\n' is encountered - the '\n' is not saved and remains in the file input buffer 2) 99 char have been read 3) EOF occurs or 4) IO error occurs (rare).
这篇关于scanf中%(limit)[^ \ n]的行为是什么?从溢出安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
