While processing the buffer using printf/scanf, not using any width for the format specifier %s is vulnerable to buffer overflow CXX-S1004

Using I/O operations such as printf and scanf without setting width limits for format strings can allow for buffer overflow when reading from a stdin pipe or writing to a stdout pipe.

You can limit the width for format strings by providing it between the % and s, as the <width>(any positive decimal integer).

Such as this: %<width>s.

Limit the width of string specifiers by adding a maximum width for I/O operations, as outlined above.

Bad practice

char str[10];
scanf("%s", str);

Recommended

char str[10];
scanf("%10s", str);

References

• msdn on scanf width
• scanf docs
• CWE-120: Buffer Copy without Checking Size of Input ('classic buffer-overflow')