C6203

warning C6203: buffer overrun for buffer <variable> in call to <function>: length <size> exceeds buffer size

This warning indicates that a parameter that points to a non-stack buffer of known size is being passed into a function that copies more bytes into it than that size. This situation will cause a buffer overrun.

This defect might cause an exploitable security hole or a program crash.

Example

The following code generates warning C6203 and C6386. Both warnings indicate buffer overrun problem because an incorrect parameter (sizeof intArray) is passed to the function:

#include <memory.h>
void f( )
{
  static char charArray[5];
  static int intArray[5];

  memset ((void *)charArray, 0, sizeof intArray);
  // code ...
}

To correct both warnings, pass correct size using sizeof charArray as shown in the following code:

void f( )
{
  static char charArray[5];
   
  memset ((void *)charArray, 0, sizeof charArray);
  // code ...
}

In the following code, the function parameter char *pC is annotated by using the WritableElementsLength property. The actual number of writable element in pC is the number of elements of the buffer char *pCLen. In this case, warning C6203 is generated at the call site because pCLen has more elements than the writable parameter pC.

#include <malloc.h>
#include <codeanalysis\sourceannotations.h>
using namespace vc_attributes;

void f([Pre(WritableElementsLength="pCLen")] char *pC, char *pCLen);

void test_f( )
{
  char *pChar = ( char * ) malloc ( 10 );
  char buff[15];
  test_f ( pChar, buff ); // warning 6203
  // code ...
}

Warning C6202 is issued for stack buffers.

See Also

Reference

C6202

C6386