warning C6203: buffer overrun for buffer <variable> in call to <function>: length <size> exceeds buffer size
This warning indicates that a parameter that points to a non-stack buffer of known size is being passed into a function that copies more bytes into it than that size. This situation will cause a buffer overrun.
This defect might cause an exploitable security hole or a program crash.
The following code generates warning C6203 and C6386. Both warnings indicate buffer overrun problem because an incorrect parameter (sizeof intArray) is passed to the function:
#include <memory.h>
void f( )
{
static char charArray[5];
static int intArray[5];
memset ((void *)charArray, 0, sizeof intArray);
// code ...
}
To correct both warnings, pass correct size using sizeof charArray as shown in the following code:
void f( )
{
static char charArray[5];
memset ((void *)charArray, 0, sizeof charArray);
// code ...
}
In the following code, the function parameter char *pC is annotated by using the WritableElementsLength property. The actual number of writable element in pC is the number of elements of the buffer char *pCLen. In this case, warning C6203 is generated at the call site because pCLen has more elements than the writable parameter pC.
#include <malloc.h>
#include <codeanalysis\sourceannotations.h>
using namespace vc_attributes;
void f([Pre(WritableElementsLength="pCLen")] char *pC, char *pCLen);
void test_f( )
{
char *pChar = ( char * ) malloc ( 10 );
char buff[15];
test_f ( pChar, buff ); // warning 6203
// code ...
}
Warning C6202 is issued for stack buffers.
Reference