Problems with scanf()
Steven Paul Miale
spm2d at watt1.acc.Virginia.EDU
Sat Oct 13 01:41:56 AEST 1990
I have received many replies to my question about the safety of using
scanf() in a program, including one flame, remarkably. I have decided
to post the answers (overwhelmingly anti-scanf(), BTW). Keep in mind
that this "survey" is not big enough to be judged accurate. However,
I would still be cautious about using scanf() until then.
First, the flame, just received:
Date: Fri, 5 Oct 90 11:37:16 -0500
From: Judge Dredd <bob at en.ecn.purdue.edu>
Message-Id: <9010051637.AA21255 at en.ecn.purdue.edu>
To: spm2d at watt1.acc.virginia.edu
Subject: Re: scanf() problems
Newsgroups: comp.lang.c
In-Reply-To: <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU>
Organization: Purdue University Engineering Computer Network
Status: RO
In article <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU> you write:
>Recently, I have heard that many implementations of C have a buggy version
...
>Please E-mail me, as I usually do not keep up with this newsgroup.
Ever think that after taking the time to read your question that some
of us might like to SEE THE ANSWERS?!?!
Ever think how rude it is to jump into a group, tell it you want to use
its resources, and then add that you won't be around long enough to read
the answer, so you'll be sucking all the replies into your mailbox where
only you can read them?
Ever think that most of the people that read the group don't even post?
They simply read the group to LEARN? Ever think that this learning is
from reading people's questions and the POSTED replies?
I understand how you might not have the time or whatever to read the
group. No problem. So what's the solution? Well, if you look at any
of the "netiquette" files floating around you'll see that the "proper"
B
thing to do in cases like this is to ask your question, request email,
and ANNOUNCE IN THE ORIGINAL POSTING that you will be posting a summary
in a week or whatever. And then do it. Also, you should keep ALL replies
in a file for a reasonable amount of time and email that file to anyone
who requests it.
--
Bob Rusbasan
bob at en.ecn.purdue.edu
<ahem>. Now, some real answers:
From: tanner at cdis-1.compu.com
To: spm2d at watt1.acc.virginia.edu
Subject: Re: scanf() problems
Newsgroups: comp.lang.c
In-Reply-To: <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU>
Organization: CompuData, Inc. (DeLand)
X-Snail: 1409 E New York Ave; DeLand, FLA 32724.
X-Phone: +1 904 736 0866
Message-Id: <00002CB at cdis-1.compu.com>
Status: RO
Even a working scanf() is bad news; avoid it like the plague. It
does a poor job of coping with bad input, and will surely confuse
interactive users.
Use fgets() or something, and parse the input yourself. Even using
sscanf() on the fgets()ed input is far better than using scanf().
--
uflorida!ki4pv!cdis-1!tanner {uunet dsinc}!cdin-1!cdis-1!tanner
To: Steven Paul Miale <spm2d at watt1.acc.virginia.edu>
Subject: Re: scanf() problems
From: "Roy M. Silvernail" <cybrspc!roy at cs.umn.edu>
Message-Id: <moHLq1w163w at cybrspc>
Date: Fri, 05 Oct 90 19:53:57 CDT
In-Reply-To: <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU>
Organization: Villa CyberSpace, Minneapolis, MN
Status: RO
spm2d at watt1.acc.Virginia.EDU (Steven Paul Miale) writes:
> Recently, I have heard that many implementations of C have a buggy version
> of scanf() attached which may cause a hard drive crash; these assertations
> are from the famous C authorities here in Charlottesville.
> They also claim that most scanf() versions are buggy, and to use other
> read commands (such as gets() ) or to write your own routines.
> Is there any truth to this rumor? I have repeatedly told these few
> not to blast all versions of C because a few may have bad implementations,
> but they keep pestering me and I want some *real* C programmers to set
> it straight.
> Please E-mail me, as I usually do not keep up with this newsgroup.
> ---
> Steven Miale
> spm2d at virginia.edu
While I haden't heard of scanf() crashing a disk, I still never use it.
The reason is that scanf() expects input to be formatted properly, and
you cannot guarantee that a user will not make a mistake. Input routines
should always, IMHO, read to a buffer and _validate the inputted data_.
At the least, a scanf() call may return unexpected data and/or leave
unread data in the stdin buffer. At worst, data read may overwrite the
end of an array and cause no end of havoc. 'Tis much safer to gets(),
validate the string returned, and sscanf() the string.
--
Roy M. Silvernail | #include <stdio.h> | Does virtual
now available at: | main(){ | reality need
cybrspc!roy at cs.umn.edu | float x=1; | swap space?
(cyberspace... be here!)| printf("Just my $%.2f.\n",x/50);} | -- me
B
From: Dave Eisen <dkeisen at gang-of-four.stanford.edu>
Message-Id: <9010050530.AA25480 at Gang-of-Four.Stanford.EDU>
To: spm2d at watt1.acc.virginia.edu
Subject: Re: scanf() problems
Newsgroups: comp.lang.c
In-Reply-To: <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU>
Organization: Sequoia Peripherals
Cc:
Status: RO
Even if scanf works, it doesn't work. You never want to use it because
if the user doesn't happen to enter a statement that matches the correct
format, scanf doesn't react intelligently. Uses gets and then sscanf
the buffer you read into.
--
Dave Eisen Home: (415) 323-9757
dkeisen at Gang-of-Four.Stanford.EDU Office: (415) 967-5644
1447 N. Shoreline Blvd.
Mountain View, CA 94043
Reply-To: Stephen Clamage <steve at taumet.com>
Message-Id: <9010051513.AA02049 at taumet.com>
Date: Fri, 5 Oct 90 15:13:07 GMT
From: Stephen Clamage <steve at taumet.com>
X-Local-Time: Fri, 5 Oct 90 08:13:07 PDT
To: spm2d at watt1.acc.virginia.edu
Subject: Re: scanf() problems
Newsgroups: comp.lang.c
References: <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU>
Status: RO
In comp.lang.c you write:
>Recently, I have heard that many implementations of C have a buggy version
>of scanf() attached which may cause a hard drive crash; these assertations
>are from the famous C authorities here in Charlottesville.
>They also claim that most scanf() versions are buggy, and to use other
>read commands (such as gets() ) or to write your own routines.
Floating-point conversion routines in most C libraries tend not to be
very good, since they are not usually written by numerical analysts.
Unless you have an excellent reference, are a trained numerical analyst,
or have a very restricted set of possible values to contend with,
you may not be able to do any better. "Sigplan Notices", vol 25, No 6,
June 1990, contains a pair of articles describing how to read and write
floating-point values. It is hard to get right.
I have never heard of scanf crashing a hard drive, but then I don't
use scanf much -- actually never, except in throw-away test programs.
Scanf does not give you proper control over reading input data produced
by humans, which is full of weird typos and other errors. It does not
give any good recovery mechanism when errors are encountered. It is
generally clunky and error-prone to use (the most common error is
to use the %f conversion to read a value into a double).
If your C library has good implementations of strtoi(), strtol(), and
strtod(), you can make a more robust program using these plus character
input routines such as you describe. If you want a quick-and-dirty
throw-away program, scanf should suffice if it doesn't trash your disk.
--
Steve Clamage, TauMetric Corp, steve at taumet.com
From: Richard Bumby <bumby at math.rutgers.edu>
Message-Id: <9010051926.AA17708 at math.rutgers.edu>
To: spm2d at watt1.acc.virginia.edu
Cc: bumby at math.rutgers.edu
Subject: Re: scanf() problems
In-Reply-To: USENET article <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU>
Status: RO
In article <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU> you wrote:
> They also claim that most scanf() versions are buggy, and to use other
> read commands (such as gets() ) or to write your own routines.
> Is there any truth to this rumor?
I'm not a real C programmer, but I have used Whitesmith's C for an
MC68000 based machine and Manx Aztec-C for the IBMPC. In both cases,
there is more than one version of formatted I/O included in the
libraries, and the two versions have different behavior in identical
situations. It seems to be difficult to get this right. The main
reason for using scanf() is to have a single function to use during
development so that you don't have to think about I/O. You can
usually learn the one or two strange features of the version that you
have. Once you know what kind of input to expect, you will do much
better with a customized interface -- and you can be reasonably sure
that it will be portable, too.
--
--R. T. Bumby ** Math ** Rutgers ** New Brunswick ** NJ08903 ** USA --
above postal address abbreviated by internet to bumby at math.rutgers.edu
voice communication unreliable -- telephone ignored -- please use Email
Date: Fri, 5 Oct 90 18:10:52 EDT
From: Larry Jones <sdrc!scjones%thor at uunet.uu.net>
Message-Id: <9010052210.AA00032 at thor>
To: uunet!watt1.acc.Virginia.EDU!spm2d at uunet.uu.net
Subject: Re: scanf() problems
In-Reply-To: your article <1990Oct4.130831.7814 at murdoch.acc.Virginia.EDU>
News-Path: sdrc!uunet!know!zaphod.mps.ohio-state.edu!wuarchive!udel!haven!uvaarpa!murdoch!watt1.acc.Virginia.EDU!spm2d
Status: RO
> Recently, I have heard that many implementations of C have a buggy version
> of scanf() attached which may cause a hard drive crash; these assertations
> are from the famous C authorities here in Charlottesville.
> They also claim that most scanf() versions are buggy, and to use other
> read commands (such as gets() ) or to write your own routines.
> Is there any truth to this rumor? I have repeatedly told these few
> not to blast all versions of C because a few may have bad implementations,
> but they keep pestering me and I want some *real* C programmers to set
> it straight.
I think you need some new C authorities. ;-)
Most versions of scanf work just fine, although they do not all agree
on all of the finer and more obscure details of formatting. On the
other hand, scanf is deceptively easy to use and nearly impossible to
use in a completely correct and robust manner, which has lead many
people to recommend using a combination of fgets and sscanf instead
of scanf. Perhaps that was the point your local experts were trying
to make.
----
Larry Jones UUCP: uunet!sdrc!thor!scjones
SDRC scjones at thor.UUCP
2000 Eastman Dr. BIX: ltl
Milford, OH 45150-2789 AT&T: (513) 576-2070
I don't like these stories with morals. -- Calvin
More information about the Comp.lang.c
mailing list