Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!aplcen!haven!uvaarpa!murdoch!watt1.acc.Virginia.EDU!spm2d
From: spm2d@watt1.acc.Virginia.EDU (Steven Paul Miale)
Newsgroups: comp.lang.c
Subject: Problems with scanf()
Summary: Yes
Message-ID: <1990Oct12.154156.25096@murdoch.acc.Virginia.EDU>
Date: 12 Oct 90 15:41:56 GMT
Sender: spm2d@virginia.edu
Reply-To: spm2d@watt1.acc.Virginia.EDU (Steven Paul Miale)
Distribution: na
Organization: University of Virginia
Lines: 242
Ireallyam: spm2d

I have received many replies to my question about the safety of using
scanf() in a program, including one flame, remarkably. I have decided
to post the answers (overwhelmingly anti-scanf(), BTW). Keep in mind
that this "survey" is not big enough to be judged accurate. However, I
would still be cautious about using scanf() until then.

First, the flame, just received:

Date: Fri, 5 Oct 90 11:37:16 -0500
From: Judge Dredd
Message-Id: <9010051637.AA21255@en.ecn.purdue.edu>
To: spm2d@watt1.acc.virginia.edu
Subject: Re: scanf() problems
Newsgroups: comp.lang.c
In-Reply-To: <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU>
Organization: Purdue University Engineering Computer Network
Status: RO

In article <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU> you write:
>Recently, I have heard that many implementations of C have a buggy version
...
>Please E-mail me, as I usually do not keep up with this newsgroup.

Ever think that after taking the time to read your question that some
of us might like to SEE THE ANSWERS?!?! Ever think how rude it is to
jump into a group, tell it you want to use its resources, and then add
that you won't be around long enough to read the answer, so you'll be
sucking all the replies into your mailbox where only you can read them?
Ever think that most of the people that read the group don't even post?
They simply read the group to LEARN? Ever think that this learning is
from reading people's questions and the POSTED replies?

I understand how you might not have the time or whatever to read the
group. No problem. So what's the solution? Well, if you look at any of
the "netiquette" files floating around you'll see that the "proper"
thing to do in cases like this is to ask your question, request email,
and ANNOUNCE IN THE ORIGINAL POSTING that you will be posting a summary
in a week or whatever. And then do it. Also, you should keep ALL
replies in a file for a reasonable amount of time and email that file
to anyone who requests it.

--
Bob Rusbasan
bob@en.ecn.purdue.edu
.

Now, some real answers:

From: tanner@cdis-1.compu.com
To: spm2d@watt1.acc.virginia.edu
Subject: Re: scanf() problems
Newsgroups: comp.lang.c
In-Reply-To: <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU>
Organization: CompuData, Inc. (DeLand)
X-Snail: 1409 E New York Ave; DeLand, FLA 32724.
X-Phone: +1 904 736 0866
Message-Id: <00002CB@cdis-1.compu.com>
Status: RO

Even a working scanf() is bad news; avoid it like the plague. It does
a poor job of coping with bad input, and will surely confuse
interactive users.

Use fgets() or something, and parse the input yourself. Even using
sscanf() on the fgets()ed input is far better than using scanf().

--
uflorida!ki4pv!cdis-1!tanner {uunet dsinc}!cdin-1!cdis-1!tanner

To: Steven Paul Miale
Subject: Re: scanf() problems
From: "Roy M. Silvernail"
Message-Id:
Date: Fri, 05 Oct 90 19:53:57 CDT
In-Reply-To: <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU>
Organization: Villa CyberSpace, Minneapolis, MN
Status: RO

spm2d@watt1.acc.Virginia.EDU (Steven Paul Miale) writes:

> Recently, I have heard that many implementations of C have a buggy version
> of scanf() attached which may cause a hard drive crash; these assertations
> are from the famous C authorities here in Charlottesville.
> They also claim that most scanf() versions are buggy, and to use other
> read commands (such as gets() ) or to write your own routines.
> Is there any truth to this rumor? I have repeatedly told these few
> not to blast all versions of C because a few may have bad implementations,
> but they keep pestering me and I want some *real* C programmers to set
> it straight.
> Please E-mail me, as I usually do not keep up with this newsgroup.
> ---
> Steven Miale
> spm2d@virginia.edu

While I hadn't heard of scanf() crashing a disk, I still never use it.
The reason is that scanf() expects input to be formatted properly, and
you cannot guarantee that a user will not make a mistake. Input
routines should always, IMHO, read to a buffer and _validate the
inputted data_.

At the least, a scanf() call may return unexpected data and/or leave
unread data in the stdin buffer. At worst, data read may overwrite the
end of an array and cause no end of havoc. 'Tis much safer to gets(),
validate the string returned, and sscanf() the string.

--
Roy M. Silvernail        | #include <stdio.h>                | Does virtual
now available at:        | main(){                           | reality need
cybrspc!roy@cs.umn.edu   | float x=1;                        | swap space?
(cyberspace... be here!) | printf("Just my $%.2f.\n",x/50);} | -- me

From: Dave Eisen
Message-Id: <9010050530.AA25480@Gang-of-Four.Stanford.EDU>
To: spm2d@watt1.acc.virginia.edu
Subject: Re: scanf() problems
Newsgroups: comp.lang.c
In-Reply-To: <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU>
Organization: Sequoia Peripherals
Cc:
Status: RO

Even if scanf works, it doesn't work. You never want to use it because
if the user doesn't happen to enter a statement that matches the
correct format, scanf doesn't react intelligently.

Use gets and then sscanf the buffer you read into.

--
Dave Eisen                          Home: (415) 323-9757
dkeisen@Gang-of-Four.Stanford.EDU   Office: (415) 967-5644
1447 N. Shoreline Blvd.
Mountain View, CA 94043

Reply-To: Stephen Clamage
Message-Id: <9010051513.AA02049@taumet.com>
Date: Fri, 5 Oct 90 15:13:07 GMT
From: Stephen Clamage
X-Local-Time: Fri, 5 Oct 90 08:13:07 PDT
To: spm2d@watt1.acc.virginia.edu
Subject: Re: scanf() problems
Newsgroups: comp.lang.c
References: <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU>
Status: RO

In comp.lang.c you write:

>Recently, I have heard that many implementations of C have a buggy version
>of scanf() attached which may cause a hard drive crash; these assertations
>are from the famous C authorities here in Charlottesville.
>They also claim that most scanf() versions are buggy, and to use other
>read commands (such as gets() ) or to write your own routines.

Floating-point conversion routines in most C libraries tend not to be
very good, since they are not usually written by numerical analysts.
Unless you have an excellent reference, are a trained numerical
analyst, or have a very restricted set of possible values to contend
with, you may not be able to do any better. "Sigplan Notices", vol 25,
No 6, June 1990, contains a pair of articles describing how to read and
write floating-point values. It is hard to get right.

I have never heard of scanf crashing a hard drive, but then I don't use
scanf much -- actually never, except in throw-away test programs.

Scanf does not give you proper control over reading input data produced
by humans, which is full of weird typos and other errors. It does not
give any good recovery mechanism when errors are encountered. It is
generally clunky and error-prone to use (the most common error is to
use the %f conversion to read a value into a double).

If your C library has good implementations of strtoi(), strtol(), and
strtod(), you can make a more robust program using these plus character
input routines such as you describe.

If you want a quick-and-dirty throw-away program, scanf should suffice
if it doesn't trash your disk.
--
Steve Clamage, TauMetric Corp, steve@taumet.com

From: Richard Bumby
Message-Id: <9010051926.AA17708@math.rutgers.edu>
To: spm2d@watt1.acc.virginia.edu
Cc: bumby@math.rutgers.edu
Subject: Re: scanf() problems
In-Reply-To: USENET article <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU>
Status: RO

In article <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU> you wrote:

> They also claim that most scanf() versions are buggy, and to use other
> read commands (such as gets() ) or to write your own routines.
> Is there any truth to this rumor?

I'm not a real C programmer, but I have used Whitesmith's C for an
MC68000 based machine and Manx Aztec-C for the IBMPC. In both cases,
there is more than one version of formatted I/O included in the
libraries, and the two versions have different behavior in identical
situations. It seems to be difficult to get this right. The main
reason for using scanf() is to have a single function to use during
development so that you don't have to think about I/O. You can usually
learn the one or two strange features of the version that you have.
Once you know what kind of input to expect, you will do much better
with a customized interface -- and you can be reasonably sure that it
will be portable, too.

--
--R. T. Bumby ** Math ** Rutgers ** New Brunswick ** NJ08903 ** USA --
above postal address abbreviated by internet to bumby@math.rutgers.edu
voice communication unreliable -- telephone ignored -- please use Email

Date: Fri, 5 Oct 90 18:10:52 EDT
From: Larry Jones
Message-Id: <9010052210.AA00032@thor>
To: uunet!watt1.acc.Virginia.EDU!spm2d@uunet.uu.net
Subject: Re: scanf() problems
In-Reply-To: your article <1990Oct4.130831.7814@murdoch.acc.Virginia.EDU>
News-Path: sdrc!uunet!know!zaphod.mps.ohio-state.edu!wuarchive!udel!haven!uvaarpa!murdoch!watt1.acc.Virginia.EDU!spm2d
Status: RO

> Recently, I have heard that many implementations of C have a buggy version
> of scanf() attached which may cause a hard drive crash; these assertations
> are from the famous C authorities here in Charlottesville.
> They also claim that most scanf() versions are buggy, and to use other
> read commands (such as gets() ) or to write your own routines.
> Is there any truth to this rumor? I have repeatedly told these few
> not to blast all versions of C because a few may have bad implementations,
> but they keep pestering me and I want some *real* C programmers to set
> it straight.

I think you need some new C authorities. ;-) Most versions of scanf
work just fine, although they do not all agree on all of the finer and
more obscure details of formatting. On the other hand, scanf is
deceptively easy to use and nearly impossible to use in a completely
correct and robust manner, which has led many people to recommend
using a combination of fgets and sscanf instead of scanf. Perhaps that
was the point your local experts were trying to make.

----
Larry Jones                         UUCP: uunet!sdrc!thor!scjones
SDRC                                      scjones@thor.UUCP
2000 Eastman Dr.                    BIX:  ltl
Milford, OH  45150-2789             AT&T: (513) 576-2070
I don't like these stories with morals. -- Calvin
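
The approach most of the replies above recommend (read a whole line into a buffer, then validate and convert it), as an added example that is not part of the original posting or of any reply. It reads with fgets(), which takes the buffer size, and converts with strtol(); the status codes, function names and 32-byte buffer are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { IN_OK, IN_EOF, IN_TOO_LONG, IN_NOT_NUMBER, IN_OUT_OF_RANGE };

/* Read one line into buf; the line plus its newline must fit in n bytes.
 * An overlong line is rejected and its remainder discarded. */
int read_line(FILE *fp, char *buf, size_t n)
{
    int c;
    if (fgets(buf, (int)n, fp) == NULL)
        return IN_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    else if (!feof(fp)) {
        while ((c = getc(fp)) != '\n' && c != EOF)
            ;                   /* drain the rest of the long line */
        return IN_TOO_LONG;
    }
    return IN_OK;
}

/* Convert the whole string to a long in [lo, hi], or say why not. */
int parse_long(const char *s, long lo, long hi, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s)
        return IN_NOT_NUMBER;           /* empty line or no digits */
    end += strspn(end, " \t\r\n");      /* allow trailing whitespace */
    if (*end != '\0')
        return IN_NOT_NUMBER;           /* trailing junk such as "12abc" */
    if (errno == ERANGE || v < lo || v > hi)
        return IN_OUT_OF_RANGE;
    *out = v;
    return IN_OK;
}

/* Read and validate one integer per input line; *out is set only on IN_OK. */
int read_long(FILE *fp, long lo, long hi, long *out)
{
    char buf[32];
    int rc = read_line(fp, buf, sizeof buf);
    return rc != IN_OK ? rc : parse_long(buf, lo, hi, out);
}
```

Because a rejected line is consumed in full, the caller can print an error and prompt again without stale input being picked up by the next read.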