C6059

 

The new home for Visual Studio documentation is Visual Studio 2017 Documentation on docs.microsoft.com.

The latest version of this topic can be found at C6059.

warning C6059: Incorrect length parameter in call to <function>. Pass the number of remaining characters, not the buffer size of <variable>

This warning indicates that a call to a string concatenation function is probably passing an incorrect value for the number of characters to concatenate. This defect might cause an exploitable buffer overrun or crash. A common cause of this defect is passing the buffer size, instead of the remaining number of characters in the buffer, to the string manipulation function.

The following code generates this warning:

#include <string.h>  
#define MAX 25  
  
void f( )  
{  
  char szTarget[MAX];  
  char *szState ="Washington";  
  char *szCity="Redmond, ";  
  
  strncpy(szTarget,szCity, MAX);  
  szTarget[MAX -1] = '\0';  
  strncat(szTarget, szState, MAX); //wrong size   
  // code ...                                   
}  

To correct this warning, use the correct number of characters to concatenate as shown in the following code:

#include <string.h>  
#define MAX 25  
  
void f( )  
{  
  char szTarget[MAX];  
  char *szState ="Washington";  
  char *szCity="Redmond, ";  
  
  strncpy(szTarget,szCity, MAX);  
  szTarget[MAX -1] = '\0';  
  strncat(szTarget, szState, MAX - strlen(szTarget)); // correct size   
  // code ...                                   
}  

To correct this warning using the safe string manipulation function, see the following code:

#include <string.h>  
  
void f( )  
{  
  char *szState ="Washington";  
  char *szCity="Redmond, ";  
  
  size_t nTargetSize = strlen(szState) + strlen(szCity) + 1;  
  char *szTarget= new char[nTargetSize];  
  
  strncpy_s(szTarget, nTargetSize, szCity,strlen(szCity));  
  strncat_s(szTarget, nTargetSize, szState,  
                    nTargetSize - strlen(szTarget));  
  // code ...  
  delete [] szTarget;  
}  

strncpy_s, _strncpy_s_l, wcsncpy_s, _wcsncpy_s_l, _mbsncpy_s, _mbsncpy_s_l
strncat_s, _strncat_s_l, wcsncat_s, _wcsncat_s_l, _mbsncat_s, _mbsncat_s_l

Show: