How to use sscanf correctly and safely

First of all, other questions about usage of sscanf do not answer my question because the common answer is to not use sscanf at all and use fgets or getch instead, which is impossible in my case.

The problem is my C professor wants me to use scanf in a program. It's a requirement. However the program also must handle all the incorrect input.

The program must read an array of integers. It doesn't matter in what format the integers for the array are supplied. To make the task easier, the program might first read the size of the array and then the integers each in a new line.

The program must handle the inputs like these (and report errors appropriately):

  1. 999999999999999...9 (numbers larger than integer)
  2. 12a3 (don't read this as an integer 12)
  3. a...z (strings)
  4. 11 aa 22 33\n all in one line (this might be handled by discarding everything after 11)
  5. inputs larger than the input array

There might be more incorrect cases, these are the only few I could think of.

If the erroneous input is supplied, the program must ask the user to input again until the correct input is given, but the previous correct input must be kept (only incorrect input must be cleared from the input stream).

Everything must conform to the C99 standard.


The scanf family of functions cannot be used safely, especially when dealing with integers. The first case you mentioned is particularly troublesome. The standard says this:

If this object does not have an appropriate type, or if the result of the conversion cannot be represented in the object, the behavior is undefined.

Plain and simple. You might think of %5d tricks and such but you'll find they're not reliable. Or maybe someone will think of errno. The scanf functions aren't required to set errno.

Follow this fun little page: they end up ditching scanf altogether.


So go back to your C professor and ask them: how exactly does C99 mandate that sscanf will report errors?


Well, let sscanf accept all inputs as %s (i.e. strings) and then have the program analyze them.


If you must use scanf to accept the input, I think you start with something a bit like the following.

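int array[MAX];
int i, n = 0;   /* n stays 0 if the count cannot be read */
scanf("%d", &n);
/* i < MAX keeps a large count from writing past the end of array */
for (i = 0; i < n && i < MAX && !feof(stdin); i++) {
    scanf("%d", &array[i]);
}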

This will handle (more or less) the free-format input problem since scanf will automatically skip leading whitespace when matching a %d format.

The key observation for many of the rest of your concerns is that scanf tells you how many format codes it parsed successfully. So,

int matches = scanf("%d", &array[i]);
if (matches == 0) {
   /* no integer in the input stream */
}

I think this handles directly concerns (3) and (4).

By itself, this doesn't quite handle the case of the input 12a3. The first time through the loop, scanf would parse 12 as an integer 12, leaving the remaining a3 for the next loop. You would get an error the next time round, though. Is that good enough for your professor's purposes?

For integers larger than maxint, e.g., "999999.......999", I'm not sure what you can do with straight scanf.

For inputs larger than the input array, this isn't a scanf problem per se. You just need to count how many integers you've parsed so far.

If you're allowed to use sscanf to decode strings after they've been extracted from the input stream by something like scanf("%s") you could also do something like this:

char buf[64];
/* %63s bounds the read to the buffer; a plain %s can write past the end of buf */
while (scanf("%63s", buf) == 1) {
    /* use strtol or sscanf if you really have to */
}

This works for any sequence of white-space separated words, and lets you separate scanning the input for words, and then seeing if those words look like numbers or not. And, if you have to, you can use scanf variants for each part.
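The word-then-validate approach from the last answer, written out as an added example that is not part of the original answers: scanf reads one bounded word at a time and strtol decides whether that word is an int. The names parse_int_token and read_ints and the 64-byte buffer are assumptions made for illustration, and each word is judged on its own rather than discarding the rest of the line.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns 1 and stores the value only if the whole
 * token is a decimal integer that fits in int; returns 0 otherwise. */
int parse_int_token(const char *tok, int *out)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(tok, &end, 10);
    if (end == tok || *end != '\0')   /* "abc", "" or trailing junk "12a3" */
        return 0;
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)  /* "9999...9" */
        return 0;
    *out = (int)v;
    return 1;
}

/* Reads whitespace-separated words until max integers are stored or input
 * ends. Rejected words are reported and skipped; earlier values are kept. */
size_t read_ints(int *array, size_t max)
{
    char word[64];                    /* constructed size; %63s matches it */
    size_t n = 0;
    while (n < max && scanf("%63s", word) == 1) {
        if (strlen(word) == sizeof word - 1) {
            /* word filled the buffer: drop its unread tail, reject it */
            if (scanf("%*[^ \t\n\v\f\r]") == EOF)
                break;
            fprintf(stderr, "rejected: word too long\n");
        } else if (parse_int_token(word, &array[n])) {
            n++;
        } else {
            fprintf(stderr, "rejected: %s\n", word);
        }
    }
    return n;
}

int main(void)
{
    int a[8];
    printf("stored %lu integers\n", (unsigned long)read_ints(a, 8));
    return 0;
}
```

Stopping at max covers the "more inputs than the array holds" case, and checking errno after strtol is what plain %d cannot offer for out-of-range values.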