Static Analysis Problem Type Reference
A call to an SAL-annotated subroutine has violated a readable size constraint.
Microsoft has defined a standard source annotation language (SAL) that can describe constraints on legal argument values. This error indicates that the call in question violates one such constraint. Specifically, a constraint on the readable size of an input or inout parameter.
SAL can be used to indicate that a particular input pointer must point to a buffer of a certain size. The size can either be a constant or the value of another integer parameter, and may be expressed in elements or in bytes. The error message text identifies the parameter at fault, the expected size, and the actual size.
A readable size constraint violation indicates that the call will result in a bounds violation within the called routine. This could result in an addressing error or undefined behavior due to processing of unspecified values. Replace the actual parameter with one that meets the requirements of the called routine.
SAL allows detection of this error even when the source of the called routine is not available for analysis. Note that the annotations themselves will appear on the declaration of the called routine, which is likely in an include file.
|
ID |
Code Location |
Description |
|---|---|---|
|
1 |
Buffer overflow |
The call site where the invalid argument was passed |
#include <malloc.h>
#include <sal.h>
// This annotation indicates that the second parameter expects a
// pointer to an array of characters whose size is the first parameter.
// Typically such a routine would use the first parameter
// as a loop bound as it loops over the elements of the array.
extern void annotated_function(int size, _In_bytecount_(size) char* a);
int main(int argc, char **argv)
{
char buff[3] = { '0', '1', '2' };
char *p = buff;
annotated_function(sizeof(buff) - 1, p); // good
annotated_function(sizeof(buff), p); // good
annotated_function(sizeof(buff) + 1, p); // bad
return 0;
}