Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
You called an STL function '%function%' with a raw pointer parameter at position '%position%' that may be unsafe - this relies on the caller to check that the passed values are correct. Consider wrapping your range in a gsl::span and pass as a span iterator (stl.1)
Remarks
Out of bound writes are one of the leading causes of remote code execution vulnerabilities. One remedy is to use bounds checked data structures like gsl::span. This warning identifies cases where Standard Template Library (STL) algorithms operate on raw pointers as output ranges. Raw pointers aren't bounds checked. To prevent vulnerabilities, use gsl::span instead.
Code analysis name: NO_RAW_POINTER_IN_STL_RANGE_CHECKED
Example
The following code demonstrates undefined behavior because there isn't any bounds checking and copy_if writes beyond the provided storage.
void f() { std::vector<int> myints = { 10, 20, 30, 40, 50, 60, 70 }; int mydestinationArr[7] = { 10, 20, 80 }; std::copy_if(myints.begin(), myints.end(), mydestinationArr, [](int i) { return !(i<0); }); // Warning: C26459 } To fix the warning, use gsl::span to make sure the output range is bounds checked:
void f() { std::vector<int> myints = { 10, 20, 30, 40, 50, 60, 70 }; int mydestinationArr[7] = { 10, 20, 80 }; gsl::span<int> mySpan{mydestinationArr}; std::copy_if(myints.begin(), myints.end(), mySpan.begin(), [](int i) { return !(i<0); }); // No warning }