17

I have created a small application to find max number by using user-defined function with parameter. When I run it, it shows this message

Error 1 error C4996: 'scanf': This function or variable may be unsafe. Consider using scanf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

What do I do to resolve this?

This is my code 

#include<stdio.h>

void findtwonumber(void);
void findthreenumber(void);

int main() {
    int n;
    printf("Fine Maximum of two number\n");
    printf("Fine Maximum of three number\n");

    printf("Choose one:");
    scanf("%d", &n);
    if (n == 1)
    {
        findtwonumber();
    }
    else if (n == 2)
    {
        findthreenumber();
    }
    return 0;
}

void findtwonumber(void)
{
    int a, b, max;
    printf("Enter a:");
    scanf("%d", &a);
    printf("Enter b:");
    scanf("%d", &b);
    if (a>b)
        max = a;
    else
        max = b;
    printf("The max is=%d", max);
}

void findthreenumber(void)
{
    int a, b, c, max;
    printf("Enter a:");
    scanf("%d", &a);
    printf("Enter b:");
    scanf("%d", &b);
    printf("Enter c:");
    scanf("%d", &c);
    if (a>b)
        max = a;
    else if (b>c)
        max = b;
    else if (c>a)
        max = c;
    printf("The max is=%d", max);
}
Deduplicator
  • 41,806
  • 6
  • 61
  • 104
Chheang Phearum
  • 199
  • 1
  • 1
  • 9
  • 4
    Well, it is a warning treated as an error. Either do as suggested, and replace `scanf` with `scanf_s`, or disable it as it is telling you.. – Eugene Sh. Jun 01 '15 at 15:36
  • 2
    See [Why does Visual Studio 2013 error on C4996?](http://stackoverflow.com/questions/20448102/why-does-visual-studio-2013-error-on-c4996) – Baris Demiray Jun 01 '15 at 15:38
  • just a compiler warning. scanf_s prevents possible buffer overflow. see http://code.wikia.com/wiki/Scanf_s – user3742467 Jun 01 '15 at 15:43
  • 1
    I'm not sure what the question is. Either replace or disable with: #define _CRT_SECURE_NO_WARNINGS – Jiminion Jun 01 '15 at 15:45
  • Possible duplicate of [Why does Visual Studio 2013 error on C4996?](https://stackoverflow.com/questions/20448102/why-does-visual-studio-2013-error-on-c4996) – MicroVirus Mar 15 '18 at 16:30
  • Related posts : [How to use _CRT_SECURE_NO_WARNINGS](https://stackoverflow.com/q/22450423/465053) – RBT Jun 15 '18 at 09:16

3 Answers3

15

It sounds like it's just a compiler warning.

Usage of scanf_s prevents possible buffer overflow.
See: http://code.wikia.com/wiki/Scanf_s

Good explanation as to why scanf can be dangerous: Disadvantages of scanf

So as suggested, you can try replacing scanf with scanf_s or disable the compiler warning.

Community
  • 1
  • 1
user3742467
  • 474
  • 3
  • 13
  • 12
    How do I disable the compiler warning? – VOLVO Jan 06 '16 at 12:12
  • 11
    @VOLVO: To disable the compiler warning, add to the very top of your program the following statement: `#define _CRT_SECURE_NO_WARNINGS`. – AboAmmar Mar 05 '17 at 15:21
  • 1
    The wikia link says `scanf_s` is " the same as `scanf`, except it is safe." Is there any reason why an implementation that can support `scanf_s` should have `scanf` not chain to the same function? – supercat Jun 28 '18 at 16:21
  • @supercat: [Lots of them](http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1967.htm), including efficiency and portability. – DevSolar Aug 19 '20 at 12:28
  • @DevSolar: That page doesn't even mention `scanf_s`. Further, in most of the other examples of converting "normal" functions to "safe" functions, the proper replacement should have been `memcpy`. For example, in the `string_dup` example, the page squawks that using `strcpy_s` adds a redundant string-length measurement, but the version with `strcpy` already included a redundant measurement. A proper function should measure the source length once and then use `memcpy` to copy either everything or all but the last byte, and zero the last byte of the destination. – supercat Aug 19 '20 at 14:43
  • @supercat So first you ask for reasons. I point you to an *elaborate* paper by the standard conmittee on the Annex K "safe" functions (which by definition includes scanf_s even if you don't find it in a full-text search), and you start arguing fine print as if those guys didn't know what they are talking about. *Nice*. – DevSolar Aug 19 '20 at 18:28
  • @DevSolar: I had been asking *specifically* about `scanf_s`, which is not mentioned in the linked paper. Otherwise, the paper correctly concludes that many of the functions are poorly designed and of dubious usefulness, but uses a rather weak argument (they can be used in ways that are less efficient than the originals without being safer) rather than a better argument (their corner-base behaviors are a poor fit for many the things programmers need to do). – supercat Aug 19 '20 at 19:12
  • @supercat: "Not mentioned in the paper" only if you skimmed through it looking for a good way to be contrary about it. In fact every single section of that paper contains at least one item that could be applied to `scanf_s`. Most importantly IMHO the part about Available Implementations. And if you *know* even better arguments than mentioned in the paper, why are you *asking* for them? – DevSolar Aug 19 '20 at 19:55
14

Another way to suppress the error: Add this line at the top in C/C++ file:

#define _CRT_SECURE_NO_WARNINGS
GorvGoyl
  • 27,835
  • 20
  • 141
  • 143
  • 9
    To clarify: "at the top" means "before the `#include` lines". If you put it below `#include`, for example, you'll still get the warning, because when you disable it it's already too late. – Fabio says Reinstate Monica Apr 26 '18 at 22:55
  • 2
    @FabioTurati has mentioned a very important point. Whenever we create a default CPP project then it creates `.cpp` file containing `main` method. To refer all the header files it refers to a centralized header file named `stdafx.h` which contains all the include statements. So when I wrote `#define _CRT_SECURE_NO_WARNINGS` at the top of `.cpp` file before all include statements then it made no difference. But when I added it to the top of `stdafx.h` file then finally the error went away. – RBT Jun 15 '18 at 08:48
  • Alternatively, add `/D_CRT_SECURE_NO_WARNINGS /wd4996` to your compile options. – DevSolar Aug 19 '20 at 12:27
8

You can add "_CRT_SECURE_NO_WARNINGS" in Preprocessor Definitions.

Right-click your project->Properties->Configuration Properties->C/C++ ->Preprocessor->Preprocessor Definitions.

enter image description here

eliasetm
  • 843
  • 9
  • 14