Skip to content

Commit 4771ca2

Browse files
Xazax-hunXazax-hun
authored
Add missing documentation for C26459. (#5541)
* Add missing documentation for C26459. * Fix acrolinx warnings. * Address review comments.
1 parent c9a9979 commit 4771ca2

File tree

2 files changed

+45
-0
lines changed

2 files changed

+45
-0
lines changed

docs/code-quality/c26459.md

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
---
2+
description: "Learn more about: Warning C26459"
3+
title: Warning C26459
4+
ms.date: 4/10/2024
5+
f1_keywords: ["C26459", "NO_RAW_POINTER_IN_STL_RANGE_CHECKED"]
6+
helpviewer_keywords: ["C26459"]
7+
---
8+
# Warning C26459
9+
10+
> You called an STL function '%function%' with a raw pointer parameter at position '%position%' that may be unsafe - this relies on the caller to check that the passed values are correct. Consider wrapping your range in a gsl::span and pass as a span iterator (stl.1)
11+
12+
## Remarks
13+
14+
Out of bound writes are one of the leading causes of remote code execution vulnerabilities. One remedy is to use bounds checked data structures like `gsl::span`. This warning identifies cases where Standard Template Library (STL) algorithms operate on raw pointers as output ranges. Raw pointers aren't bounds checked. To prevent vulnerabilities, use `gsl::span` instead.
15+
16+
Code analysis name: `NO_RAW_POINTER_IN_STL_RANGE_CHECKED`
17+
18+
## Example
19+
20+
The following code demonstrates undefined behavior because there isn't any bounds checking and `copy_if` writes beyond the provided storage.
21+
22+
```cpp
23+
void f()
24+
{
25+
std::vector<int> myints = { 10, 20, 30, 40, 50, 60, 70 };
26+
int mydestinationArr[7] = { 10, 20, 80 };
27+
28+
std::copy_if(myints.begin(), myints.end(), mydestinationArr, [](int i) { return !(i<0); }); // Warning: C26459
29+
}
30+
```
31+
32+
To fix the warning, use `gsl::span` to make sure the output range is bounds checked:
33+
34+
```cpp
35+
void f()
36+
{
37+
std::vector<int> myints = { 10, 20, 30, 40, 50, 60, 70 };
38+
int mydestinationArr[7] = { 10, 20, 80 };
39+
gsl::span<int> mySpan{mydestinationArr};
40+
41+
std::copy_if(myints.begin(), myints.end(), mySpan.begin(), [](int i) { return !(i<0); }); // No warning
42+
}
43+
```

docs/code-quality/toc.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -142,6 +142,8 @@ items:
142142
href: ../code-quality/c26456.md
143143
- name: Warning C26457
144144
href: ../code-quality/c26457.md
145+
- name: Warning C26459
146+
href: ../code-quality/c26459.md
145147
- name: Warning C26460
146148
href: ../code-quality/c26460.md
147149
- name: Warning C26461

0 commit comments

Comments
 (0)