Symptoms
When you run an application that calls the _sntscanf_s function, the call should return an EOF(-1) value. However, when you run the application on Windows 10 Enterprise 2015 LTSB, the injected null character is ignored. This causes the numFields field to receive an erroneous value of 1 instead of the EOF (-1) value.
For example, this issue occurs in the following Visual C++ application:
#include "stdafx.h"
#include "string.h"
#include "stdlib.h"
int main()
{
TCHAR szBuff[256];
double temp = 0;
wcscpy_s(szBuff, L"77777777");
// this should force the _sntscanf_s to return an EOF (-1) value
szBuff[0] = '\0';
int numFields = _sntscanf_s(szBuff, _countof(szBuff), _T("%lf"), &temp);
if (numFields == EOF)
{
printf("Correct Behavior!!!\r\n");
}
else
{
printf("BUG: _sntscanf_s failed to return EOF!!!\r\n");
}
return 0;
}Cause
This issue occurs because of a known problem in the common_vsscanf function in the Ucrtbase.dll file that is included in Windows 10 Enterprise 2015 LTSB. This problem affects the whole scanf family of functions:
-
_vsscanf_l
-
vsscanf
-
_sscanf_l
-
sscanf
-
_vsscanf_s_l
-
vsscanf_s
-
_sscanfs_l
-
sscanf_s
-
_snscanf_l
-
_snscanf_s
-
_snscanf_s_l
-
_snscanf_s
-
_vswscanf_l
-
vswscanf
-
_swscanf_l
-
swscanf
-
_vswscanf_s_l
-
vswscanf_s
-
_wsscanfs_l
-
swscanf_s
-
_snwscanf_l
-
_snwscanf_s
-
_snwscanf_s_l
-
_snwscanf_s
Resolution
To resolve this issue, install servicing update May 8, 2018—KB4103716 (OS Build 10240.17861).
