Can fscanf buffer overflow if %d is used?

Question: Is it possible for the Fortify finding to be a false positive in this instance?

The code in question is src/analysisd/stats.c:415:

if (fscanf(fp, "%d", &_RWHour[i][j]) <= 0) {

_RWHour is declared as static int _RWHour[7][25]; on line 33 of the same file.

According to the cppreference documentation for fscanf, when no length modifier is used for %d (as is the case for the fscanf call in question), the argument type should be signed int* or unsigned int*.

This raises the question: Is it possible for the Fortify finding to be a false positive in this instance? Or is it possible to write to memory outside an int when you pass the address of an int to fscanf?

Answer: Yes, it is possible for the Fortify finding to be a false positive in this instance. When you pass the address of an int to fscanf, it will read the input and store it in the memory location pointed to by the address. As long as the input is within the range of an int, there should be no issue with writing to memory outside the int. The Fortify finding might be triggered due to a potential vulnerability, but in this specific case, it seems to be a false positive.