
It may sound like an XY Problem but I am confused.

I want to execute some code when the user enters 6. First have a look at code:

#include <stdio.h>

int main(void) {
    short int x;
    printf("Val :");
    scanf("%d", &x);
    if (x == 6) {
        // some code
    }
    return 0;
}

SHRT_MAX on my system is 32767, and if the user manages to enter 65442, this will ultimately be converted to 6 and the code will be executed at this value, while it was supposed to execute at 6. Well, it is getting executed at 6, but from the user's point of view it is a lack of security. Yeah, I can use int or long int, but if the user is cracking short int, that is not the right choice. How can I deal with this issue?

asked May 28, 2023 at 13:17

Comments:

  • If you're going to read a short int with scanf, you need %hd. Commented May 28, 2023 at 13:21
  • But if you want guaranteed behavior if the user types a value bigger than the target type can hold, you need to use something other than scanf. Regardless of whether the target type is short, int, long, or long long, if the user types a too-big value, there's no guaranteed behavior. (In fact I'm pretty sure it's downright undefined.) Commented May 28, 2023 at 13:23
  • @SteveSummit "I'm pretty sure it's downright undefined" It is undefined behavior: "... if the result of the conversion cannot be represented in the object, the behavior is undefined." Never use any of the *scanf() functions to parse numeric data. There's no way to use any of those functions without risking undefined behavior on an out-of-range value. Commented May 28, 2023 at 13:55
  • @EricPostpischil Probably 5-10% of the C questions here arise from one of the *scanf() functions. What happens when your just-out-of-college self-styled "l33t" coder gets the ticket to change that format, and three weeks after delivery to production, one of your biggest customers calls up all irate because he just had a livestock trailer unleash 100 full-grown pigs onto his factory floor and his account was directly debited for rush delivery of said pigs, and you find out your ordering system messed up a rush order for 100 tons of pig iron because your noob screwed up the scanf() format? Commented May 28, 2023 at 15:07
  • See also A Beginner's Guide Away From scanf() and How to read/parse input in C — The FAQ. Commented May 28, 2023 at 18:00

1 Answer

Re: SHRT_MAX in my system is 32767 and if user manages to enter 65442 this will be converted to 6

From C11 7.21.6.2 The fscanf() function /10:

If this object does not have an appropriate type, or if the result of the conversion cannot be represented in the object, the behavior is undefined.

I suggest reading a whole line with fgets() and parsing it with strtol(). scanf() is not suitable for this.

This might help: Correct usage of strtol().


Sidenote: The %d format specifier expects an int *, not a short int *. Change it to %hd.

answered May 28, 2023 at 13:22

2 Comments

Even if I parse it to long using a parsing function, it may react the same way for overflow numbers. So should I use a string comparing method to get the job done, or some idea with numerical data? I mean using primitive data types of number values?
Well, this also may be because I am too poor at parsing jobs or else.
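The fgets()/strtol() approach from the answer, worked through as an added example (not code from the question or the answer). It also addresses the follow-up concern that a wider type "may react the same way": strtol() reports overflow of long through ERANGE rather than silently wrapping, and an explicit SHRT_MIN/SHRT_MAX compare rejects values such as 65442 that fit in a long but not in a short. The function name parse_short_line and the status enum are this example's own.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Outcome of parsing one input line into a short (names are this example's own). */
enum parse_status { PARSE_OK, PARSE_EMPTY, PARSE_TRAILING, PARSE_RANGE };

/* Parse a whole line (as returned by fgets) into a short.
 * Unlike scanf("%d") into a short, every failure is reported instead of
 * being undefined behaviour: no digits, junk after the number, or a value
 * that does not fit in a short (65442 lands here, never in x). */
enum parse_status parse_short_line(const char *line, short *out)
{
    char *end;
    errno = 0;
    long v = strtol(line, &end, 10);

    if (end == line)                        /* no digits consumed at all */
        return PARSE_EMPTY;
    while (isspace((unsigned char)*end))    /* allow the trailing newline/blanks */
        end++;
    if (*end != '\0')                       /* e.g. "6abc" */
        return PARSE_TRAILING;
    /* ERANGE: the value overflowed long itself. The compare catches values
     * that fit in long but not in short, which is the question's case. */
    if (errno == ERANGE || v < SHRT_MIN || v > SHRT_MAX)
        return PARSE_RANGE;
    *out = (short)v;
    return PARSE_OK;
}

int main(void)
{
    char buf[64];
    short x;
    printf("Val :");
    fflush(stdout);
    if (fgets(buf, sizeof buf, stdin) == NULL)
        return 1;
    if (parse_short_line(buf, &x) != PARSE_OK) {
        fprintf(stderr, "input is not a valid short\n");
        return 1;
    }
    if (x == 6) {
        /* some code: only reached when the user really typed 6 */
    }
    return 0;
}
```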
