How do I fix Visual Studio 2019 warning C26052?

Question

I'm creating a .dll in C using Visual Studio 2019.

I am using _In_bytecount_ to help prevent buffer overflows where I can.

pmReportCrash(
    _In_bytecount_(_wndTitleLength * 2) LPCWCH _wndTitle,
    _In_ size_t _wndTitleLength,
    _In_bytecount_(_wndMSGLength * 2) LPCWCH _wndMSG,
    _In_ size_t _wndMSGLength,
    _In_bytecount_(_wndDescLength * 2) LPCWCH _wndDesc,
    _In_ size_t _wndDescLength,
    _In_bytecount_(_wndRestartCommandLength * 2) LPCWCH _wndRestartCommand,
    _In_ size_t _wndRestartCommandLength,
    _In_bytecount_(_wndIconDirLength * 2) LPCWCH _wndIconDir,
    _In_ size_t _wndIconDirLength,
    _In_bytecount_(_wndImageDirLength * 2) LPCWCH _wndImageDir,
    _In_ size_t _wndImageDirLength
)

But when I took my wide characters and passed them to swprintf_s as parameters:

(swprintf_s(wndMSGParam, _wndMSGLength + 5, L"/m \"%s\"", _wndMSG);)

It started saying this:

Warning C26052

Potentially unconstrained access using expression '(LPCWCH)_wndMSG' Buffer _wndMSG is passed to function swprintf_s as unannotated parameter 4 None of the other parameters seem to be constrained by the buffer length

Buffer _wndMSG is a parameter to this function declared on line 13 Buffer is of length offset(_wndMSG)13 + 2*_wndMSGLength13 bytes [from annotation SAL_readableTo(byteCount(_wndMSGLength * 2)) at c:\users%userdir%\source\repos\api.postman.crashreporter\api.postman.crashreporter\postman.crash reporter.h(16)]

Values of variables: Pointer _wndMSG is at offset 0 bytes from the start of the buffer Pointer result.malloc is at offset offset(result.malloc)53a bytes from the start of result.malloc'53 _wndMSGLength = _wndMSGLength13 wndMSGParam = result.malloc

where offset(_wndMSG)13 == 0 _wndMSGLength13 >= 1 API.Postman.CrashReporter C:\Users%userdir%\source\repos\API.Postman.CrashReporter\API.Postman.CrashReporter\PostMan.Crash Reporter.c 54

Is this warning possible to fix or do I need to suppress it if I want to get rid of it?

Answer 1

Here are some ideas:

• The arguments do not seem to be null terminated, so you should use %.*s to specify a maximum length to read from _wndMSG.
• The size argument to swprintf_s should include space for the null terminator.
• The C Standard specifies that the argument type for %s should be a pointer to char, not wchar_t. Unless Microsoft has a different convention, you should use %ls for an LPCWCH argument.

Try using this:

swprintf_s(wndMSGParam, _wndMSGLength + 6, L"/m \"%.*ls\"",
           (int)_wndMSGLength, _wndMSG);

Notes:

• %ls expects a pointer to wchar_t, a wide character string, which is copied to the destination array unmodified.

• the .* in %.*ls specifies that a maximum number of characters to copy from the string argument is passed as an int argument before the string pointer. If this maximum number is a constant (eg: 10), it can be written %.10ls without an extra argument. Note that this precision field is different from the width field that can be written just after the %, as a decimal number or a *, and specifies the number of characters to pad the output to with spaces. For example:

  wchar_t wbuf[20];
  swprintf_s(wbuf, sizeof wbuf, L"|%10.5ls|", L"1234567");
  

  produces the string | 12345| in wbuf.