c - difference between %ms and %s scanf -

reading scanf manual encounter line:

an optional 'm' character. used string conversions (%s, %c, %[),

can explain simple example stating difference , need of such option in cases ?

the c standard not define such optional character in scanf() formats.

the gnu lib c, define optional a indicator way (from man page scanf):

an optional a character. used string conversions, , relieves caller of need allocate corresponding buffer hold input: instead, scanf() allocates buffer of sufficient size, , assigns address of buffer corresponding pointer argument, should pointer char * variable (this variable not need initialized before call).

the caller should subsequently free buffer when no longer required. gnu extension; c99 employs a character conversion specifier (and can used such in gnu implementation).

the notes section of man page says:

the a modifier not available if program compiled gcc -std=c99 or gcc -d_isoc99_source (unless _gnu_source specified), in case a interpreted specifier floating-point numbers (see above).

since version 2.7, glibc provides m modifier same purpose modifier. m modifier has following advantages:

• it may applied %c conversion specifiers (e.g., %3mc).

• it avoids ambiguity respect %a floating-point conversion specifier (and unaffected gcc -std=c99 etc.)

• it specified in upcoming revision of posix.1 standard.

the online linux manual page @ http://linux.die.net/man/3/scanf documents option as:

an optional 'm' character. used string conversions (%s, %c, %[), , relieves caller of need allocate corresponding buffer hold input: instead, scanf() allocates buffer of sufficient size, , assigns address of buffer corresponding pointer argument, should pointer char * variable (this variable not need initialized before call). caller should subsequently free(3) buffer when no longer required.

the posix standard documents extension in posix.1-2008 edition (see http://pubs.opengroup.org/onlinepubs/9699919799/functions/fscanf.html ):

the %c, %s, , %[ conversion specifiers shall accept optional assignment-allocation character m, shall cause memory buffer allocated hold string converted including terminating null character. in such case, argument corresponding conversion specifier should reference pointer variable receive pointer allocated buffer. system shall allocate buffer if malloc() had been called. application shall responsible freeing memory after usage. if there insufficient memory allocate buffer, function shall set errno [enomem] , conversion error shall result. if function returns eof, memory allocated parameters using assignment-allocation character m call shall freed before function returns.

using extension, write:

char *p; scanf("%ms", &p); 

causing scanf parse word standard input , allocate enough memory store characters plus terminating '\0'. pointer allocated array stored p , scanf() return 1, unless no non whitespace characters can read stdin.

it entirely possible other systems use m similar semantics or else entirely. non-standard extensions non portable , should used carefully, documented such, in circumstances standard approach cumbersome impractical or altogether impossible.

note parsing word of arbitrary size indeed impossible standard version of scanf():

you can parse word maximum size , should specify maximum number of characters store before '\0':

    char buffer[20];     scanf("%19s", buffer); 

but not tell how many more characters available parse in standard input. in case, not passing maximum number of characters may invoke undefined behavior if input long enough, , specially crafted input may used attacker compromise program:

    char buffer[20];     scanf("%s", buffer); // potential undefined behavior,                          // exploited attacker.