warning C28718: Unannotated buffer
This warning is reported when a buffer that is passed to a function or returned by a function does not have Source Code Annotation Language (SAL) annotations. Static analysis tools can use such annotations to detect buffer overruns. For information about adding annotations, see Using SAL Annotations to Reduce C/C++ Code Defects and Annotating Function Parameters and Return Values.
Currently, only non-constant string buffers are diagnosed with this warning. Ideally, all buffers passed as function parameters or returned by functions should be annotated. Arrays of wchar_t or char are candidates for this warning. Arrays of unsigned char currently are not.
The following code example generates this warning.
int foo( LPTSTR buffer, size_t cch );
The following code example avoids this warning.
int foo( _Out_writes_(cch) LPTSTR buffer, size_t cch );
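The following added example (not part of the original documentation) carries the annotated prototype through to an implementation and a call site, so the size contract that the analyzer checks is visible on both sides. The names fill_label, demo_fits and demo_truncates are hypothetical, char * stands in for LPTSTR, and the empty fallback macros are an assumption that lets the file build on compilers without sal.h.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _MSC_VER
#include <sal.h>                 /* real SAL macros, used by code analysis */
#else
#define _Out_writes_(n)          /* assumption: no-op outside MSVC */
#define _In_z_
#define _Success_(expr)
#endif

/* Unannotated form, the pattern C28718 reports. Nothing ties cch to buffer:
 *     int fill_label(char *buffer, size_t cch, const char *src);
 */

/* Annotated form: buffer is an output array with cch writable elements.
 * Returns the number of chars written (excluding the terminator), or -1. */
_Success_(return >= 0)
int fill_label(_Out_writes_(cch) char *buffer, size_t cch, _In_z_ const char *src)
{
    size_t n;
    if (buffer == NULL || cch == 0 || src == NULL)
        return -1;               /* no room even for the terminator */
    n = strlen(src);
    if (n >= cch)
        n = cch - 1;             /* truncate, keep one slot for '\0' */
    memcpy(buffer, src, n);
    buffer[n] = '\0';
    return (int)n;
}

/* Call sites pass sizeof the array, so cch cannot drift from the real size. */
int demo_fits(void)
{
    char label[8];
    return fill_label(label, sizeof label, "eth0") == 4
        && strcmp(label, "eth0") == 0;
}

int demo_truncates(void)
{
    char label[8];               /* constructed over-long input below */
    return fill_label(label, sizeof label, "constructed-long-name") == 7
        && strcmp(label, "constru") == 0;
}

int main(void)
{
    printf("fits=%d truncates=%d\n", demo_fits(), demo_truncates());
    return 0;
}
```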