Reasons for the insecurity of C language standard function scanf

scanf It's a standard. C Standard library functions for languages ;

scanf_s Is Microsoft's , Than scanf Added a parameter , The number of characters to be input must be specified ;

eg:

char buf[5]={0};

scanf("%s",buf);// If input 1234567890, be 5 The following characters will also be read , It may be written to the location of other variables , Cause procedure     
                // abnormal , stay VS2019 Next test , Program crash .     If input 12, It's normal 



char buf[5]={0};

scanf_s("%s",buf,4);// Only the number of space characters can be stored -1 Characters   Because the last space to store \0


// stay vs2019 Next test , If input ≤4 Characters , Everything is all right , If input 5 Characters or more , The program doesn't crash , however buf No data in , The reason should be 4 Within characters （ contain ） No carriage return received , So it is not written into buf in ..