C & C++

C & C++

By DeepSource

While processing the buffer using printf/scanf, not using any width for the format specifier %s is vulnerable to buffer overflow CXX-S1004

Security cwe-120

Using I/O operations such as printf and scanf without setting width limits for format strings can allow for buffer overflow when reading from a stdin pipe or writing to a stdout pipe.

You can limit the width for format strings by providing it between the % and s, as the <width>(any positive decimal integer).

Such as this: %<width>s.

Limit the width of string specifiers by adding a maximum width for I/O operations, as outlined above.

Bad practice

char str[10];
scanf("%s", str);


char str[10];
scanf("%10s", str);