The scanf function's conversion specifier "%n" requires the next pointer to be a pointer to an int. That int gets "the number of characters consumed thus far from the input". However, an int may not be large enough to read the number of chars read. Previous programmers have identified this issue and resolved it by using a size_t. As evidence, the strlen(3) function returns a size_t and not an int. The fix: make the require pointer for the "%n" conversion specifier a size_t pointer instead of an int.
If you want to store a size_t, use %zn.