被认为sscanf的安全使用? [英] Is sscanf considered safe to use?
问题描述
我的建议模糊的回忆,的sscanf
是坏的。我知道它不会溢出缓冲区,如果我使用的字段宽度说明,所以我的记忆中只是在玩把戏和我在一起?
I have vague memories of suggestions that sscanf
was bad. I know it won't overflow buffers if I use the field width specifier, so is my memory just playing tricks with me?
推荐答案
我想这取决于你如何使用它:如果您要扫描的东西像 INT
,它的罚款。如果你在扫描一个字符串,它不是(除非有一个宽领域,我忘了?)。
I think it depends on how you're using it: If you're scanning for something like int
, it's fine. If you're scanning for a string, it's not (unless there was a width field I'm forgetting?).
修改
这并不总是扫描字符串是安全的。
It's not always safe for scanning strings.
如果您的缓冲区的大小是一个常数,那么你当然可以将它指定为类似 20年代%
。但是,如果它不是一个常数,你需要在格式字符串指定它,你需要做的:
If your buffer size is a constant, then you can certainly specify it as something like %20s
. But if it's not a constant, you need to specify it in the format string, and you'd need to do:
char format[80]; //Make sure this is big enough... kinda painful
sprintf(format, "%%%ds", cchBuffer - 1); //Don't miss the percent signs and - 1!
sscanf(format, input); //Good luck
这是可能的,但非常容易出错,就像我在previous编辑做了(忘了照顾空终止的)。你甚至可能会溢出,格式字符串缓冲区。
which is possible but very easy to get wrong, like I did in my previous edit (forgot to take care of the null-terminator). You might even overflow the format string buffer.
这篇关于被认为sscanf的安全使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!