g.region/r.to.rast3elev: fixed scanf error to recognize EOF as a possible return value

[naidneelttil]

scanf can return EOF as a return value, which can be a security issue if not accounted for.

[HuidaeCho]

Thanks for your PR. Most (all?) of these checks are for G_parser() options. G_parser() does all necessary sanity checks and returns non-NULL values only if there are any valid values. Even an empty string with an option name (e.g., map="") returns a NULL in answer, so EOF from sscanf() is not really a concern when we already check for the nullity of answer.

sscanf() returns EOF if its first argument is an empty string ("\0"), but G_parser() doesn't return one in answer. answer will be either NULL or a non-empty string.

grass/lib/gis/parser.c

Lines 1180 to 1182 in 87d2d42

	/* an empty string is not a valid answer, skip */
	if (!*string)
	return;

[naidneelttil]

in this PR, I removed the explicit EOF checks but kept the checks for a scanf return value, since this is generally good practice and one less thing to worry about if ever refactoring.

[echoix]

@HuidaeCho with this PR now limited to only three changes with checks like == 1, is this PR ready to go?

[nilason]

Not only does the parser either return NULL or a non-empty string, the string is also guaranteed to contain a valid integer as it already been tested with

grass/lib/gis/parser.c

Line 1399 in 8a3c6b7

int check_int(const char *ans, const char **opts)

There is no way a compiler/static analyser could know this.

I see two possible "solutions" to this:

1. Change to early exit strategy: eg. if (sscanf(value, "%i", &pix) != 1) die(parm.grow);
2. Silence the warning with void: eg. if ((void)sscanf(value, "%i", &pix)) {

if (sscanf(value, "%i", &pix) == 1) { without response if the if condition is false, will only lead to new problems.