Here's an example given on MSDN ( http://msdn.microsoft.com/en-us/library/hh916383.aspx ) that tried to explain SAL annotation could help find a common off-by-one error.
wchar_t * wmemcpy(
_Out_writes_all_(count) wchar_t *dest,
_In_reads_(count) const wchar_t *src,
size_t count)
{
size_t i;
for (i = 0; i <= count; i++) { // BUG: off-by-one error
dest[i] = src[i];
}
return dest;
}
I don't quite get this example. In this example, it looks like the function signature contains a parameter called count
, so we can use In_reads_(count)
to make sure the memory space that src
is pointing to has at least such number of bytes.
My question is, what if there is a function with signature like this
memcpy_example(wchar_t* dest, wchar_t* src)
In this case, the signature does not contain any information about the sizes. Can I use SAL to tell debugger that dest
should be same size or 1-byte larger than src
?
The correct annotation would be:
memcpy_example(
_Out_writes_z_(_String_length_(src) + 1) wchar_t *dest,
_In_z_ const wchar_t *src)
However, the analysis is much less precise in this case, since the analyzer does not know the actual string-length in most cases (tested with VS 2013):
void test_sal()
{
wchar_t out[10];
auto in1 = L"12345678901234";
auto in2 = _wcsdup(L"12345678901234");
memcpy_example(out, in1); // SAL warning
memcpy_example(out, in2); // No warning!
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.