beejjorgensen/bgc

40.11 a note about sscanf

Closed this issue · 1 comments

There is a footgun about sscanf that has been mediatised on HN recently.
Basically sscanf will call strlen so the complexity is linear in the string length. If you use this for a parser and repeatedly call it then you have quadratic complexity.
I'm not sure how it should be integrated, but I feel a mention here might be helpful.
Here are the references to the mention of the problems:
https://www.mattkeeter.com/blog/2021-03-01-happen/
https://news.ycombinator.com/item?id=26302744
https://nee.lv/2021/02/28/How-I-cut-GTA-Online-loading-times-by-70/

I love that story. Added a section to the sscanf man page. Thanks!
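The pattern the issue describes, next to a linear alternative, as an added example that is not code from the issue or from the guide. The function names and the sample input are constructed here, and the quadratic cost assumes a C library whose `sscanf` looks for the end of the string on every call, as the issue states.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Constructed input "0,1,...,n-1" (sample data for this example). Caller frees. */
char *make_input(int n) {
    char *buf = calloc((size_t)n * 12 + 1, 1), *p = buf; /* <= 11 chars + comma each */
    if (!buf) return NULL;
    for (int i = 0; i < n; i++) p += sprintf(p, i ? ",%d" : "%d", i);
    return buf;
}

/* Issue's pattern: one sscanf per token; each call may scan to the NUL: O(len^2). */
long sum_with_sscanf(const char *s, size_t *count) {
    long sum = 0;
    int v, used;
    for (*count = 0; sscanf(s, "%d%n", &v, &used) == 1; s++) { /* s++ skips ',' */
        sum += v; ++*count;
        s += used;                 /* %n: bytes consumed by this call */
        if (*s != ',') break;
    }
    return sum;
}

/* strtol reads only what it converts and reports where it stopped: O(len). */
long sum_with_strtol(const char *s, size_t *count) {
    long sum = 0;
    char *end;
    for (*count = 0; ; s = end + 1) {
        errno = 0;
        long v = strtol(s, &end, 10);
        if (end == s || errno == ERANGE) break; /* no digits, or out of range */
        sum += v; ++*count;
        if (*end != ',') break;
    }
    return sum;
}

int main(void) {
    char *in = make_input(50000);
    size_t n;
    if (!in) return 1;
    clock_t t0 = clock(); long a = sum_with_sscanf(in, &n);
    clock_t t1 = clock(); long b = sum_with_strtol(in, &n);
    clock_t t2 = clock();
    printf("sscanf: %ld in %.3fs\nstrtol: %ld in %.3fs\n",
           a, (double)(t1 - t0) / CLOCKS_PER_SEC, b, (double)(t2 - t1) / CLOCKS_PER_SEC);
    free(in);
}
```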