Why is VS2013 telling me to use scanf_s?

10,360

The _s family of functions are "secure" variants of standard library functions provided by Microsoft. Many standard library functions are not considered safe since they either don't allow or don't require the user to guard against buffer overflows. The _s functions are alternatives that allow/require buffer overflow protection (usually this means they take an extra argument specifying the size of the buffer you're passing in, but in the case of scanf_s() it requires the format string to contain width specifiers for each %c, %C, %s or %S parameter).

You can disable these warnings by setting the _CRT_NONSTDC_NO_WARNINGS define in your project settings. Or, if you choose, switch to the _s functions (but note that doing so will tie your code to the Microsoft runtime libraries [or to C11; see comments below], and make it nonportable).
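A bounded parse in both styles, as an added example that is not part of the original answer: on the Microsoft CRT, sscanf_s takes the buffer size as an extra argument right after the buffer, while standard C caps the write with a field width in the format string. The names parse_record and NAME_MAX_LEN and the sample lines are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

#define NAME_MAX_LEN 7      /* constructed limit for this example */
#define STR_(x) #x
#define STR(x) STR_(x)      /* turns NAME_MAX_LEN into "7" for the format string */

/* Parse "<id> <name>" from line into *id and name.
 * Returns 1 on success, 0 on malformed input or a name longer than
 * NAME_MAX_LEN. name is always NUL-terminated and never overrun. */
int parse_record(const char *line, int *id, char name[NAME_MAX_LEN + 1])
{
    name[0] = '\0';
    /* Unbounded form that draws the warning: sscanf(line, "%d %s", id, name)
     * writes as many bytes as the token has, whatever the size of name. */
#if defined(_MSC_VER)
    /* Microsoft CRT: buffer size in chars (NUL included) follows the buffer. */
    if (sscanf_s(line, "%d %s", id, name, (unsigned)(NAME_MAX_LEN + 1)) != 2) {
        name[0] = '\0';
        return 0;
    }
#else
    /* Standard C: the field width caps the write; %n then shows whether the
     * token continued past the width, i.e. was silently truncated. */
    int used = 0;
    if (sscanf(line, "%d %" STR(NAME_MAX_LEN) "s%n", id, name, &used) != 2)
        return 0;
    if (line[used] != '\0' && !isspace((unsigned char)line[used])) {
        name[0] = '\0';
        return 0;
    }
#endif
    return 1;
}

int main(void)
{
    char name[NAME_MAX_LEN + 1];
    int id = 0;
    const char *samples[] = { "42 alice", "7 averyveryverylongname", "x bob" }; /* constructed */
    for (int k = 0; k < 3; k++) {
        int ok = parse_record(samples[k], &id, name);
        printf("%-26s -> %s\n", samples[k], ok ? name : "(rejected)");
    }
    return 0;
}
```

When the standard functions are kept under Visual C++, the C4996 deprecation warning they trigger is silenced by defining _CRT_SECURE_NO_WARNINGS before including <stdio.h>.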

Author: tech_geek23

Senior at Texas Tech University studying MIS/IT concentrating in Business Analysis with a specific interest in SQL databases

Updated on June 26, 2022

Comments

  • tech_geek23 almost 2 years

    I'm in a programming class at Texas Tech University and after putting up with Python last semester, I'm finally in the C++ class. While we were making a HelloWorld program in class today, a few others and I got Microsoft Visual Studio 2013 telling us to use scanf_s instead of scanf like the instructor was using in his program. Below is my code as it stands.

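    #include <stdio.h>

    int main(void) {
        int i = 0, j = 0;
        float x = 0.0f, y = 0.0f;
        int c;

        /* Prompt with printf: literal text in a scanf format must be matched by the input. */
        printf("input a number: ");
        /* scanf is the call VS2013 flags with the scanf_s warning. */
        if (scanf("%d %d %f %f", &i, &j, &x, &y) != 4) {
            return 1;
        }

        printf("print numbers a : %d \n", i);
        printf("print numbers a : %10.3d \n", i);
        printf("print numbers a : %-10.3d", i);

        /* fflush(stdin) is undefined in standard C; drain the rest of the line instead. */
        while ((c = getchar()) != '\n' && c != EOF) { }
        getchar();
        return 0;
    }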
    
  • Angew is no longer proud of SO over 10 years
    Actually, they are not totally Microsoft-only; they're an optional part of the C11 standard.
  • TypeIA over 10 years
    @Angew Interesting. Are Microsoft's implementations 100% compatible with the C11 standard? They've been around longer...
  • Angew is no longer proud of SO over 10 years
    I don't know, haven't really checked. I know there's one case where the standard swapped order of parameters compared to a MS function (can't remember which one, MSDN has an article about it), but I believe the general idea was for them to be the same.
  • James McNellis over 10 years
    bsearch_s and qsort_s have different parameter orderings. I don't know of any other differences, but I haven't fully audited the sources. Parameter ordering differences are historical accidents: the Visual C++ implementation was the first implementation of these functions, before they were standardized. In some cases, the C committee standardized something other than existing practice (Why, I know not). Visual C++ also does not implement the C11 constraint handler that these secure functions are supposed to use (instead, we have a similar concept called the invalid parameter handler).