Kommentar
Åtkomst till den här sidan kräver auktorisering. Du kan prova att logga in eller ändra kataloger.
Åtkomst till den här sidan kräver auktorisering. Du kan prova att ändra kataloger.
warning C6202: buffer overrun for <variable>, which is possibly stack allocated, in call to <function>: length <size> exceeds buffer size <max>
This warning indicates that a parameter pointing to a stack buffer of known size is being passed into a function that copies more bytes into it than that size. This situation will cause a buffer overrun. This defect is likely to cause an exploitable security hole or a program crash.
Example
The following code generates warnings C6202 and C6386. Both warnings indicate buffer overrun problems because an incorrect parameter (sizeofintArray) is passed to the function:
#include <memory.h>
void f( )
{
int intArray[5];
char charArray[5];
memset ((void *)charArray, 0, sizeof intArray);
// code ...
}
To correct both warnings, pass correct size using sizeofcharArray as shown in the following code:
#include <memory.h>
void f( )
{
char charArray[5];
memset ((void *)charArray, 0, sizeof charArray);
}
In the following code, the function parameter char *pC is annotated using the WritableElementsLength property. The actual number of writable element of pC is the number of elements of the buffer char *pCLen. In this case, warning C6202 is generated at the call site because pCLen has more elements than the writable parameter pC.
#include <codeanalysis\sourceannotations.h>
using namespace vc_attributes;
void f([Pre(WritableElementsLength="pCLen") ] char *pC, char *pCLen);
void test_f()
{
char pc[12];
char buff[17];
f(pc, buff); // warning 6202
// code...
}
Warning C6203 is issued for non-stack buffers.