TechQA.

Why is SAL reporting this loop as a potential buffer overrun?

131 views Asked by At 
// Global:
const WCHAR g_Table[] = L"AbCdEfGhIjKlMnOpQrStUvWxYzaBcDeFgHiJkLmNoPqRsTuVwXyZ2468013579";


// In function:
void myFunction()
{
    WCHAR *randomFileName = NULL;

    size_t cchFileName = 7 + (rand() % 7);
    randomFileName = HeapAlloc(hHeap, HEAP_ZERO_MEMORY /*Automatically takes care of null terminator*/,
                  (cchFileName + 1) * sizeof(WCHAR));

    if (NULL == randomFileName)
    {
        goto cleanup;
    }
    
    
    for (i = 0; i < cchFileName; i++)
    {
        randomFileName[i] = g_Table[rand() % _countof(g_Table)];
    }
    
    //use(randomFileName);        

cleanup:
    if (randomFileName != NULL)
    {
        HeapFree(hHeap, 0, randomFileName); 
    }
}

SAL reports:

warning C6386: Buffer overrun while writing to 'randomFileName':  the writable size is '((cchFileName+1))*sizeof(WCHAR)' bytes, but '4' bytes might be written.

Is this just a bug in SAL? Or is there something I am missing here? cchFileName is clearly more than 2 WCHARs (i.e. 4 bytes).

c visual-c++ visual-studio-2019 sal
Original Q&A
0

There are 0 answers

Related Questions in C

Related Questions in VISUAL-C++

Related Questions in VISUAL-STUDIO-2019

Related Questions in SAL

Popular Questions

Trending Questions