...
Formatted-input functions such as sscanf and scanf accept the strings INF, INFINITY, or NAN (case insensitive) as valid inputs for the %f format specification, allowing malicious users to feed these values directly to a program. Programs should therefore check that all floating-point input values (especially those controlled by the user) are neither infinity nor NaN if such values would be inappropriate. The <math.h> library provides two macros for this purpose: isinf and isnan.
...
If infinity or NaN values are not acceptable inputs in a program, these macros should be used to ensure they are not passed to vulnerable functions.
Implementation Details
If an out-of-range float is entered into a formatted input function, the function automatically converts it to infinity if it is greater than FLOAT_MAX, or to negative infinity if it is less than FLOAT_MIN. Thus users can still force a float to become infinity even if their input strings are tested for the "inf" or "infinity" pattern. The exact values of FLOAT_MIN and FLOAT_MAX are implementation-specific.
For example, if FLOAT_MAX is 1e99, then passing the string "1e9999" to scanf("%f", &x) will result in x having the value infinity.
Therefore, any floating-point input value should be tested for infinity or NaN after conversion, even if the input text itself is filtered.
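The following is an added example (not code from the original page) that applies the check after conversion: a single wrapper around sscanf that rejects the value if isinf or isnan reports an exceptional result, so that the textual spellings "INF"/"NAN" and an overflowing literal such as "1e9999" are all caught by the same test. The function and sample inputs are constructed for this illustration.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Parse one float from text with sscanf and refuse it if the converted
 * result is infinite or NaN. Returns true only when a finite value was
 * stored in *out. The text is deliberately NOT pre-filtered for "inf" or
 * "nan": "1e9999" contains neither substring yet still scans to infinity,
 * so only a check on the converted value is reliable. */
bool read_finite_float(const char *text, float *out)
{
    float value;
    int consumed = 0;

    /* %n records how many characters were consumed, so trailing junk
     * such as "1.5abc" can be rejected as well. */
    if (sscanf(text, "%f%n", &value, &consumed) != 1) {
        return false;           /* no float at all in the input */
    }
    if (text[consumed] != '\0') {
        return false;           /* trailing characters after the number */
    }
    if (isinf(value) || isnan(value)) {
        return false;           /* exceptional value: reject before use */
    }
    *out = value;
    return true;
}

/* Convenience predicate: does this input get rejected? (constructed helper) */
bool rejects(const char *text)
{
    float unused;
    return !read_finite_float(text, &unused);
}

int main(void)
{
    /* Constructed sample inputs: spellings scanf accepts as exceptional
     * values, literals that overflow float, and two ordinary numbers. */
    const char *samples[] = { "INF", "-Infinity", "nan", "1e9999",
                              "-1e9999", "1.5abc", "3.5", "  -0.25" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        float v;
        if (read_finite_float(samples[i], &v))
            printf("\"%s\" -> accepted as %g\n", samples[i], v);
        else
            printf("\"%s\" -> rejected\n", samples[i]);
    }
    return 0;
}
```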
Noncompliant Code Example
...