C6202

warning C6202: buffer overrun for <variable>, which is possibly stack allocated, in call to <function>: length <size> exceeds buffer size <max>

This warning indicates that a parameter pointing to a stack buffer of known size is being passed into a function that copies more bytes into it than that size. This situation will cause a buffer overrun. This defect is likely to cause an exploitable security hole or a program crash.

Example

The following code generates warnings C6202 and C6386. Both warnings indicate buffer overrun problems because an incorrect parameter (sizeof intArray) is passed to the function:

#include <memory.h>
void f( )
{
  int intArray[5];
  char charArray[5];

  memset ((void *)charArray, 0, sizeof intArray);
  // code ...
}

To correct both warnings, pass correct size using sizeof charArray as shown in the following code:

#include <memory.h>
void f( )
{
  char charArray[5];
 
  memset ((void *)charArray, 0, sizeof charArray);
}

In the following code, the function parameter char *pC is annotated using the WritableElementsLength property. The actual number of writable element of pC is the number of elements of the buffer char *pCLen. In this case, warning C6202 is generated at the call site because pCLen has more elements than the writable parameter pC.

#include <codeanalysis\sourceannotations.h>
using namespace vc_attributes;
void f([Pre(WritableElementsLength="pCLen") ] char *pC, char *pCLen);

void test_f()
{
  char pc[12]; 
  char buff[17];
  f(pc, buff); // warning 6202
  // code...
}

Warning C6203 is issued for non-stack buffers.

See Also

Reference

C6386

C6203