-4

I am using the gcc 4.9.2-10 deb8u1 compiler. Here is my code:

    #include <stdio.h>
    int main(){
        char *s;
        char sa[10] , sb[10];
        scanf("%s", sa);
        printf("line\n");
        scanf("%s", sb);
        printf("%s   %s", sa, sb);
    }

The above code has no problem if the chars fit within the space provided.

However

    scanf("%s", s);
    printf("line\n");
    scanf("%s", sa);
    printf("%s   %s", s, sa);

Input: $: Hu

Result: line (null) Hu

Could someone tell me what is wrong with the second code? I cannot figure out why I can't input the second one. Thanks a lot!

15
  • 3
    Is this C or C++? Commented Apr 16, 2018 at 15:56
  • 5
    Please provide a complete code example, this means you should have a main() function. Commented Apr 16, 2018 at 15:57
  • 2
    allocate space to pointer variable Commented Apr 16, 2018 at 15:57
  • 2
    I'm voting to close this as off-topic because it asks for help diagnosing incomplete fragments of code (and, as a bonus, because you may be scanf()ing to an uninitialised pointer). Commented Apr 16, 2018 at 15:59
  • 1
    when calling any of the scanf() family of functions: 1) always check the returned value (not the parameter values) to assure the operation was successful. 2) when using the input format specifier '%s' and/or '%[...]' always include a MAX CHARACTERS modifier that is one less than the length of the input buffer. This is for two reasons; a) those specifiers always append a NUL byte to the input b) to avoid any chance of a buffer overflow Commented Apr 16, 2018 at 16:03

2 Answers

1

In your code

    char *s;
    char sa[10] , sb[10];

you can't do much with s.

    scanf("%s", sa);

is ok, provided the input fits. You can jump through a few hoops, reading the inputs in chunks in a loop if it might be longer (see here)

However, in your "However" section of the question you try

    scanf("%s", s);

Since s doesn't point to memory - you'd need to have allocated some - you have undefined behaviour, so anything could happen.


0

"I cannot figure out why I can't input the second one?" Because s is not initialized and does not hold any valid address, and doing scanf() on that results in undefined behaviour.

First allocate the memory and then scan the user input.

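    #include <stdio.h>
    #include <stdlib.h>

    int main(void) {
        size_t size = 64;  /* example value: specify the size you need */
        char *s;           /* uninitialized: no valid address yet */
        s = malloc(size);  /* allocate the memory before reading into it */
        if (s == NULL)
            return 1;
        /* fgets() is advisable: it is bounded by size, so no overflow */
        if (fgets(s, (int)size, stdin) != NULL)
            printf("%s\n", s);
        free(s);           /* once the job is done, free the memory */
        return 0;
    }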

Use fgets() instead of scanf() to scan the user input for the reason listed in comments.

12 Comments

scanf("%s",s); has overflow problems like gets() as they do not limit input. Both should be avoided.
"limit can be specified in size part of malloc()" --> No. The size allocated with malloc() is not known to scanf() unless somehow that information is passed to the function. Maybe by the format of scanf(). Better still, consider fgets().
"Are you suggesting we shouldn't use scanf() on malloc'ed memory ?" --> Using scanf("%s") on any memory is weak programming practice - regardless of the source of the memory.
@achal It's good practice to never use scanf, especially not for user input. Most users are bad at producing perfectly formatted input.
'Why do insecure functions (still) exist?' Let's think about that for a few seconds! Usually it's because no one either thought or cared about security back in the Stone Age when C was first standardised, and although better things are available now, the old stuff is left around because everyone's paranoid about breaking backwards compatibility (sometimes to a quite excessive extent, if you ask me).
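
The advice from the comments and answers above, put together as an added example (not code from any of the posts): a width-limited `%s` whose return value is checked, and an `fgets()` line reader that strips the newline and reports over-long lines. The names `read_word`, `read_line` and `WORD_CAP` are made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative helpers; the names are made up for this example. */
#define WORD_CAP 10            /* same size as sa[10] in the question */

/* Bounded %s: width 9 leaves room for the NUL in a 10-byte buffer.
 * Returns 1 when a word was stored, 0 on EOF or read error. */
int read_word(FILE *in, char dst[WORD_CAP])
{
    return fscanf(in, "%9s", dst) == 1;
}

/* fgets()-based line reader. Returns 0 for a complete line, 1 when the
 * line was longer than the buffer (excess discarded), -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';           /* drop the newline fgets keeps */
        return 0;
    }
    /* No newline stored: either the line was cut short or EOF ended it. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;                 /* drain the rest of the long line */
    return truncated;
}

int main(void)
{
    char sa[WORD_CAP], line[WORD_CAP];

    if (!read_word(stdin, sa)) {
        fputs("no input\n", stderr);
        return 1;
    }
    printf("word: %s\n", sa);
    /* skip the rest of the first line before reading a whole line */
    int c;
    while ((c = getchar()) != EOF && c != '\n')
        ;
    int rc = read_line(stdin, line, sizeof line);
    if (rc >= 0)
        printf("line: %s%s\n", line, rc ? " (truncated)" : "");
    return 0;
}
```

With a 16-character first word, `read_word` stores only the first nine characters and leaves the rest in the stream for the next read, instead of writing past the end of the array.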