From 2e249670b3e288c9653fba5c1380a9c9ec598568 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sat, 14 Aug 2010 18:35:48 +0200
Subject: [PATCH] dangerous scanf usage: Added verbose information
---
 lib/checkother.cpp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/lib/checkother.cpp b/lib/checkother.cpp
index 04bf212ef..4bd758383 100644
--- a/lib/checkother.cpp
+++ b/lib/checkother.cpp
@@ -474,7 +474,23 @@ void CheckOther::invalidScanf()
 void CheckOther::invalidScanfError(const Token *tok)
 {
 reportError(tok, Severity::style,
- "invalidscanf", "scanf without field width limits can crash with huge input data");
+ "invalidscanf", "scanf without field width limits can crash with huge input data\n"
+ "To fix this error message add a field width specifier:\n"
+ " %s => %20s\n"
+ " %i => %3i\n"
+ "\n"
+ "Sample program that can crash:\n"
+ "\n"
+ "#include \n"
+ "int main()\n"
+ "{\n"
+ " int a;\n"
+ " scanf(\"%i\", &a);\n"
+ " return 0;\n"
+ "}\n"
+ "\n"
+ "To make it crash:\n"
+ "perl -e 'print \"5\"x2100000' | ./a.out");
 }
 //---------------------------------------------------------------------------
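Review bot: The fix advice on the added `%s => %20s` line does not say how the width relates to the destination buffer. scanf stores up to that many characters and then a terminating NUL, so `%20s` is only safe for a buffer of at least 21 bytes, and a reader who copies the buffer size into the width still writes one byte past the end. I would word the two lines as `"To fix this, add a field width no larger than the destination buffer size minus one:\n"` and `"    %s => %20s   (for char buf[21])\n"`. An unbounded `%s` is a buffer overflow rather than only a crash on huge input, which sits oddly with `Severity::style` on the unchanged `reportError` line; whether that severity is deliberate cannot be told from this hunk.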