Closed tenox7 closed 5 years ago
I know scanf makes things much more comfortable, but in times of any possible input to a program it should be noted that scanf is a very insecure function, resp. people are using it very insecurely in a lot of cases. Very common problems are:
For parsing data I rather suggest the classic string functions. Also strlcpy/strlcat from BSD are known to produce terminated strings. Makes things much more comfortable. The classic functions like strcmp, sprintf, ... also may be considered bad, because of no length limit. There are also strncmp, snprintf, strncat/ncpy (which provides no termination), ...
With these classics you also have to deal with lengths/termination, but in "smaller steps", so one may see mistakes more easily.
In general scanf and gets are making my hair stand off from my arms. This is no criticism, this is just a suggestion to think about. scanf may indeed be used securely, but it is very common to introduce memory leaks or other problems...
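The "smaller steps" approach described in the comment above, as an added example that is not part of the original thread and is not ttyplot's code: a line is read into a fixed buffer with an explicit length, then converted with `strtod`, so overlong lines, non-numeric text and out-of-range values are each detected separately. The helper names `read_line` and `parse_samples` and the buffer sizes are assumptions made for illustration.

```c
/* Added example, not ttyplot code. read_line and parse_samples are
 * hypothetical helper names; sample input is whatever arrives on stdin. */
#include <errno.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one line into buf[n]. Returns 0 on success, -1 on EOF, -2 if the
 * line did not fit (the excess is discarded, buf stays terminated). */
static int read_line(FILE *in, char *buf, size_t n) {
    if (fgets(buf, (int)n, in) == NULL) return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') { buf[len - 1] = '\0'; return 0; }
    int c, dropped = 0;
    while ((c = fgetc(in)) != EOF && c != '\n') dropped = 1;
    return dropped ? -2 : 0;
}

/* Parse at most max whitespace-separated numbers from line into out.
 * Returns the count, or -1 on non-numeric text, range error, inf/nan,
 * or more than max values. */
static int parse_samples(const char *line, double *out, size_t max) {
    size_t n = 0;
    const char *p = line;
    while (n < max) {
        char *end;
        errno = 0;
        double v = strtod(p, &end);
        if (end == p) break;                    /* nothing converted */
        if (errno == ERANGE || !isfinite(v)) return -1;
        out[n++] = v;
        p = end;
    }
    p += strspn(p, " \t\r");
    return *p == '\0' ? (int)n : -1;            /* reject trailing input */
}

int main(void) {
    char buf[64];
    double v[2];
    int rc;
    while ((rc = read_line(stdin, buf, sizeof buf)) != -1) {
        int n = (rc == 0) ? parse_samples(buf, v, 2) : -1;
        if (n < 0) fprintf(stderr, "rejected line\n");
        else if (n > 0) printf("%d value(s), first %g\n", n, v[0]);
    }
    return 0;
}
```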
While your claims are generally correct, they are also very broad and I'm not sure if they are applicable to this specific use case. I would suggest that you look at scanf usage in ttyplot and refine your comment to be much more specific. Ideally please send a PR with suggested changes.
not needed
scanf should go to a separate thread so it doesn't block the display completely