Max string length using scanf -> ANSI C

Question

I have:

#define MAX_STR_LEN 100

and I want to put into scanf pattern so I can control the string length:

scanf("%100[^\n]s",sometext)

I tried:

scanf("%MAX_STR_LEN[^\n]s",sometext)
scanf("%"MAX_STR_LEN"[^\n]s",sometext)
scanf("%",MAX_STR_LEN,"[^\n]s",sometext)

And it didn't work. I just want to avoid buffer overflow since "sometext" is allocated with malloc(MAX_STR_LEN)...

Any ideas?

Answer 1

I wasn't happy with any of these solutions, so I researched further, and discovered GNU GCC macro stringification

which can be used as:

#define XSTR(A) STR(A)
#define STR(A) #A
#define MAX_STR_LEN 100
scanf("%"XSTR(MAX_STR_LEN)"[^\n]s", sometext)

Maybe VS2010 offers something similar?

Answer 2

I just want to avoid buffer overflow

Then don't use scanf(). At all.

If you are scanning lines of text, don't #define MAX_STR either. You can haz LINE_MAX in <limits.h> (if you are targeting POSIX compatible systems):

char buf[LINE_MAX];
fgets(buf, sizeof(buf), stdin);

should do the trick.

Answer 3

As almost everyone says, it is better to use fgets(..., stdin) to handle this problem.

In the following link, I have suggested a safe and correct technique that let you to replace scanf() by a safer method, by means of a solid macro:

A macro that safely replaces scanf()

The macro I have proposed (working with compatible C99 compilers) is safe_scanf(), as shown in the following program:

#include <stdio.h>
#define safe_scanf(fmt, maxb, ...) { \
    char buffer[maxb+1] = { [maxb - 1] = '\0' }; \
    fgets(buffer, maxb+1, stdin); \
    if ((buffer[maxb - 1] != '\0') && (buffer[maxb - 1] != '\n')) \
        while(getchar() != '\n') \
           ; \
    sscanf(buffer, fmt, __VA_ARGS__); \
  }

#define MAXBUFF 20     

int main(void) {
   int x; float f;      
   safe_scanf("%d %g", MAXBUFF+1, &x, &f);
   printf("Your input was: x == %d\t\t f == %g",  x, f);
   return 0;
}  

You would have to tune the value of MAXBUFF according to your needs...
Although the macro safe_scanf() is pretty solid,
there are some weakness in using the macro approach:
Missing type-checking for parameters, missing "return" values (which hardly differs from the "true" scanf() function, that returns an int, with valuable information for error checking), and so on.
All that problems have solution, but it is part of another topic...

Maybe, the most exact solution is to define a function my_scanf() with variable number of parameters, by invoking the stdarg.h library, joint to a combination of fgets() and vsscanf(). Here you have the code:

#include <stdio.h>
#include <stdarg.h>

int my_scanf(const char* fmt, const unsigned int maxbuff, ...) {
    va_list ptr;
    int ret;

    if (maxbuff <= 0)
       return EOF; /* Bad size for buffer[] */

    char buffer[maxbuff+1];
    buffer[maxbuff-1] = '\0';  /* Quick buffer cleaning... */

    if (fgets(buffer, maxbuff+1, stdin) == NULL)
       return EOF; /* Error detected */
    else {
        if ((buffer[maxbuff-1] != '\n') && (buffer[maxbuff-1] != '\0'))
            /* Condition logically equivalent to:
                   fgets() has not reached an '\n'
            */
            while (getchar() != '\n')
               ; /* "Flushing" stdin... */

        va_start(ptr, maxbuff);
        ret = vsscanf(buffer, fmt, ptr);
        va_end(ptr);
        return ret;
    }    
}

#define MAXBUFF 20
int main(void) {
   int x; 
   float z;
   int scanf_ret = my_scanf("%d %g", MAXBUFF, &x, &z);
   printf("\nTest:\n x == %d\n z == %g\n scanfret == %d", x, z, scanf_ret);
   getchar();   
   return 0;   
}

The function my_scanf() has the prototype

int my_scanf(const char* fmt, const int maxbuff, ...);

It accepts a format string fmt that behaves in the same way as any other scanf()-like does.
The 2nd parameter is the maximum number of chars that will be effectively accepted from the standard input (keyboard).
The return value is an int, which is EOF if maxbuff has no sense, or well some input error happened. If a non-negative value is returned, it is the same that would be returned by the standard functions sscanf() or vsscanf().

Inside the function, maxbuff is incremented in 1, because fgets() makes some room for an additional '\0' character.
Non-positive values of maxbuff are immediatelly discarded.
fgets() will read a string is read from stdin (keyboard) with room for at most maxbuff characters, including '\n'.
If the user has entered a very long string, then it will bu truncated, and some kind of "flush" mechanism is necessary in order to discard all the characters to the next '\n' (ENTER). If not, the next keyboard reading could have older characters, not desired at all.
The condition for "flushing" is that fgets() has not reached '\n' after reading stdin.
This is the case if, and only if, buffer[maxbuff - 1] is not equal to '\0' nor '\n'.
(Check it!)
Finally, an appropiate combination of stdarg.h macros and the function vsscanf() is employed to process the variable list of parameters.

Answer 4

Recommend the fgets(buffer, sizeof(buffer), stdin) approach.

If you still want to use scanf() you can create its format at runtime.

#define MAX_STR_LEN 100
char format[2 + sizeof(size_t)*3 + 4 + 1];  // Ugly magic #
sprintf(format, " %%%zu[^\n]", (size_t) MAX_STR_LEN);
scanf(format, sometext);

or re-define MAX_STR_LEN to be a string

#define MAX_STR_LEN "100"
scanf(" %" MAX_STR_LEN "[^\n]", sometext);

Still recommend the fgets().
Note fgets() will put leading spaces and the trailing \n in your buffer whereas " %[^\n]" will not.
BTW: the trailing s in your formats is not likely doing what you think.

Answer 5

How about

scanf("%.*[^\n]s", MAX_STR_LEN, sometext)