This query finds calls of scanf-like functions with improper return-value checking.

Specifically, the query flags uses of scanf where the return value is checked only against zero.

Functions in the scanf family return either EOF (a negative value) in case of IO failure, or the number of items successfully read from the input. Consequently, a simple check that the return value is nonzero is not enough.

Ensure that all uses of scanf check the return value against the expected number of conversions (the number of arguments the format string fills in) rather than just against zero.

This example shows different ways of guarding a scanf output:
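The query help's own example is not reproduced on this page, so the following is an added C example (not the original query help code) that contrasts the pattern the query flags with the recommended guard. It uses sscanf on constructed input strings so it runs offline; the function names and inputs are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdbool.h>

/* Parses "x y" into two ints.
   BAD guard (the pattern the query flags): treats any nonzero result as
   success. scanf-family functions return EOF (negative) on input failure
   or the number of items converted, so a partial read such as "12 abc"
   returns 1 and an empty input returns EOF; both are nonzero and slip
   through, leaving y unset. */
bool parse_pair_nonzero_check(const char *input, int *x, int *y) {
    *x = 0;
    *y = 0;
    int n = sscanf(input, "%d %d", x, y);
    if (n == 0) {   /* BAD: misses EOF (-1) and partial matches (1) */
        return false;
    }
    return true;
}

/* GOOD guard: compare against the number of conversions requested.
   This single comparison rejects EOF, zero, and any partial match. */
bool parse_pair_count_check(const char *input, int *x, int *y) {
    *x = 0;
    *y = 0;
    int n = sscanf(input, "%d %d", x, y);
    if (n != 2) {   /* expected number of conversions for "%d %d" */
        return false;
    }
    return true;
}

/* Convenience wrappers (hypothetical) so each guard's verdict on a given
   input can be observed without managing output variables. */
bool nonzero_guard_accepts(const char *input) {
    int x, y;
    return parse_pair_nonzero_check(input, &x, &y);
}

bool count_guard_accepts(const char *input) {
    int x, y;
    return parse_pair_count_check(input, &x, &y);
}

int main(void) {
    /* Constructed inputs: a full match, a partial match, and no match. */
    const char *inputs[] = { "12 34", "12 abc", "abc" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("input \"%s\": nonzero-guard=%s count-guard=%s\n",
               inputs[i],
               nonzero_guard_accepts(inputs[i]) ? "accept" : "reject",
               count_guard_accepts(inputs[i]) ? "accept" : "reject");
    }
    return 0;
}
```

The partial-match input "12 abc" is the case that separates the two guards: the nonzero check accepts it even though only one of the two values was parsed, while the count check rejects it.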

  • SEI CERT C++ Coding Standard: ERR62-CPP. Detect errors when converting a string to a number.
  • SEI CERT C Coding Standard: ERR33-C. Detect and handle standard library errors.
  • cppreference.com: scanf, fscanf, sscanf, scanf_s, fscanf_s, sscanf_s.