-1

visual studio erro

dev c++

this code is working in dev c++, ut not working visual studio. erro is

Error C4996 'scanf': This function or variable may be unsafe. Consider using scanf_s instead.

code is...

#include<stdio.h>

int main() {

    int arr[5] = { 0 };
    int i = 0;

    printf("Enter the number :");
    for (i = 0; i < 5; i++) {
        scanf("%d", &arr[i]);
    }
    return 0;
273K
  • 29,503
  • 10
  • 41
  • 64
Anjana Indunil
  • 1
  • 2
    Does this answer your question? [error C4996: 'scanf': This function or variable may be unsafe in c programming](https://stackoverflow.com/questions/30577519/error-c4996-scanf-this-function-or-variable-may-be-unsafe-in-c-programming) – DYZ Dec 10 '22 at 05:53
  • Short answer: `scanf` doesn't provide protection from arithmetic overflow, thus, it's unsafe to use. – rushabhvg Dec 10 '22 at 06:00

1 Answers1

2

Short answer: scanf doesn't provide protection from arithmetic overflow, thus, it's unsafe to use.

Detailed answer:

The original issue begins with the Buffer Overflow problem of gets in C. Link: Issue of gets and solution

It was because of gets function that one of first most widespread worm was able to propagate itself throughout the internet. Because gets overwrites the stack/memory allocated to variable used to store it. This leads to buffer overflow.

Scanf link: Disadvantages of scanf() and its alternative

Unlike gets, scanf does provide safety with string buffers by limiting the size, but, it is not possible for arithmetic input. Arithmetic input will overwrite the stack buffer. Although scanf provides a way to avoid buffer overflow problem with strings but, usually we (lazy programmers) won't specify the limits while using the scanf, hence we wrote an alternative scanf_s

Other alternatives of scanf are, strtol, strtok, and atoi, among others.

Edit 1: Changed from sscanf to scanf_s in ...hence, we wrote an alternative...

rushabhvg
  • 88
  • 1
  • 12