Are you not listening to what anyone else is telling you here? Did you not read the article?
It's not about "scanning into junk". The problem would happen if you used scanf to extract integers from a string of `' '.join([1]*1000000)`. Because you would make 1,000,000 scanf calls, and _each_ of those calls would call strlen on the string, quadratically scanning over the string to repeatedly find the end.
In fact, every sscanf is O(size of the string) even when the string is well formed. This is not a well behaved function.
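An added example, not part of the original comment: the per-integer `sscanf` loop it describes, next to a single-pass `strtol` loop over the same constructed input. The function names are hypothetical, and `modeled_sscanf_bytes` is a cost model that follows the comment's description (one `strlen` of the remaining string per call), not libc code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed input: n copies of "1" joined by single spaces. */
static char *make_input(size_t n) {
    char *s = malloc(2 * n + 1);
    if (!s) return NULL;
    for (size_t i = 0; i < n; i++) { s[2 * i] = '1'; s[2 * i + 1] = ' '; }
    s[n ? 2 * n - 1 : 0] = '\0';          /* drop the trailing space */
    return s;
}

/* The pattern from the comment: one sscanf call per integer. */
static long sum_sscanf(const char *s) {
    long sum = 0; int v, used;
    while (sscanf(s, "%d%n", &v, &used) == 1) { sum += v; s += used; }
    return sum;
}

/* Model (assumption): each call above pays a strlen of what remains. */
static unsigned long long modeled_sscanf_bytes(const char *s) {
    unsigned long long bytes = 0; int v, used;
    while (sscanf(s, "%d%n", &v, &used) == 1) { bytes += strlen(s); s += used; }
    return bytes;
}

/* Single pass: strtol stops at the end of each number and never
 * needs to find the end of the whole string. */
static long sum_strtol(const char *s) {
    long sum = 0; char *end;
    for (;;) {
        long v = strtol(s, &end, 10);
        if (end == s) break;              /* no digits left */
        sum += v; s = end;
    }
    return sum;
}

int main(void) {
    char *s = make_input(1000);
    if (!s) return 1;
    printf("len=%zu sscanf=%ld strtol=%ld modeled bytes=%llu\n",
           strlen(s), sum_sscanf(s), sum_strtol(s), modeled_sscanf_bytes(s));
    free(s);
    return 0;
}
```

For n integers the model totals n² + n − 1 bytes against an input of 2n − 1 bytes, so parsing attacker-sized input this way costs quadratic CPU time while the `strtol` loop stays linear.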