Problem Description:
When using the VS editor to write C language code, an error occurs when calling the scanf() function to input content.
Error code: C4996
problem causes:
The VS compiler considers it unsafe to use the function scanf() defined in C language directly without checking the boundaries . Functions such as scanf() exist in older versions of CRT (C runtime library, part of the C standard library) and have security issues. For example, when reading characters, if the width of %s is not specified, buffering may occur. Area overflow.
Solution:
- 1. Use the scanf_s() function instead
- Use functions provided by the VS compiler including scanf_s , wscanf_s and other versions ending with _s to have security enhancements. Just add _s after the scanf() function in the VS compiler . For friends who are used to calling the scanf() function, this method only treats the symptoms rather than the root cause.
- Let me give you an example for everyone to understand: the code you write is equivalent to the cargo. The scanf() function is part of the cargo, but this part is considered unsafe by the security inspection department (SDL inspection), so the cargo cannot pass, but If the scanf_s function appears to be safe in the security department, it can pass smoothly.
- 2. Find and close the SDL check in VS
- Right-click "Project File" - "Properties" - "Configuration Properties" - "C/C++" - "General" - Change "SDL Check" to "No"
- This is only for this project, and the SDL check (security development cycle check) of this project is turned off. Turning off SDL inspection is equivalent to bypassing the safety supervision department (SDL inspection) and shipping directly.
- 3. Use the pragma command during program activation
-
#pragma warning(disable:4996) 将一个warning作为一个错误 或者 #pragma warning(once:4996) 将一个warning禁用掉 - It should be noted here that the pragma command is only valid for the current file (for .h, it is also valid for the cpp containing it), not for all files in the entire project. When the file is compiled, the settings lose their effect.
- It can be understood that only this cargo acted rogue when passing through the security inspection department (SDL inspection), so it passed smoothly.
- Supplementary explanation of pragma function:
-
#pragma warning(push) 存储当前报警设置。 #pragma warning(push, n) 存储当前报警设置,并设置报警级别为n。n为从1到4的自然数。 #pragma warning(pop) 恢复之前压入堆栈的报警设置。 在一对push和pop之间作的任何报警相关设置都将失效。 #pragma warning(disable: n) 将某个警报置为失效 #pragma warning(default: n) 将报警置为默认 某些警告如C4309是从上到下生效的。即文件内#pragma warning从上到下遍历,依次生效。 - 4. Change the header file and add macro definitions
- Place the #define _CRT_SECURE_NO_WARNINGS macro definition at the top of the source file to ignore the warning problem. This method belongs to this batch of goods and is ignored, so it can also be passed.
- You can also modify the predefinition inside the compiler: right-click "Project File" - "Properties" - "Configuration Properties" - "C/C++" - "Precompiler" - "Precompiler Definition" and add ""
- You can also modify the "newc++file.cpp" file in the VS compiler installation path. This method has certain risks and will not be expanded here. Friends who need it can search for it by themselves.