PREfast Warning 205 (Windows CE 5.0)
205 - Stack buffer overrun in <variable> in call to evil function <function>.
This warning indicates that a stack variable is being passed into a function that gives no way of controlling how many bytes are copied into the buffer (such as gets).
This defect is likely to result in an exploitable security hole or a program crash.
When making changes, be sure the code behaves correctly in the case of very long data.
It is possible to fix the buffer overrun and stop the PREfast warning but still have code that behaves incorrectly. A useful technique for helping to address this problem is to use a function that takes the buffer size as a parameter (such as fgets or _fgetws) instead.
Handle the case where the length of the data exceeds the buffer size. In some cases, more significant changes can be required.
Example
Defective Source
char buff[_MAX_PATH];
if (! gets(buff)) // Does not account for input longer than _MAX_PATH.
{;}
Corrected Source
char buff[_MAX_PATH];
if (! fgets(buff, sizeof buff, stdin))
{;}
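The corrected source above stops the overrun, but fgets silently truncates a line that does not fit and leaves the remainder in the stream, so the next read picks up the tail of the previous line. The following added example (not from the original topic, and not part of PREfast or Windows CE) shows one way to handle that case: it reads with fgets, detects truncation by checking for the trailing newline, and discards the rest of the overlong line so the caller can reject or log it instead of processing a partial value. The enum, the function names read_line_checked, read_first_line_from_string and count_lines, and the 16-byte buffer in main are assumptions made for this example; the sample input strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of reading one line into a fixed-size buffer. (Names are this example's own.) */
enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = 2 };

/* Read one line from 'in' into buf (capacity 'cap') with fgets, which never writes
   more than cap bytes. The trailing newline is stripped. If the line was longer than
   cap-1 bytes, the rest of that line is drained from the stream and LINE_TRUNCATED is
   returned, so a later read starts at the next line rather than at leftover bytes. */
enum line_status read_line_checked(char *buf, size_t cap, FILE *in)
{
    if (cap < 2 || !fgets(buf, (int)cap, in))
        return LINE_EOF;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';   /* whole line fit, drop the newline */
        return LINE_OK;
    }

    /* No newline: either the final line of the stream has no newline (fine), or the
       line did not fit. Peek one more byte to tell the two apart. */
    int c = fgetc(in);
    if (c == EOF)
        return LINE_OK;

    /* Overlong line: discard the remainder so the stream is positioned at the next line. */
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    return LINE_TRUNCATED;
}

/* Helper: feed a constructed string through read_line_checked via a temporary file
   and return the status of its first line, copying that line into 'out'. */
enum line_status read_first_line_from_string(const char *text, char *out, size_t cap)
{
    FILE *f = tmpfile();
    if (!f)
        return LINE_EOF;
    fputs(text, f);
    rewind(f);
    enum line_status st = read_line_checked(out, cap, f);
    fclose(f);
    return st;
}

/* Helper: count the lines in a constructed string when read through a buffer of
   'cap' bytes, and report how many of them were truncated. Returns -1 on failure.
   Because overlong lines are drained, each input line is counted exactly once. */
int count_lines(const char *text, size_t cap, int *truncated)
{
    char *buf = malloc(cap);
    FILE *f = tmpfile();
    int n = 0;
    *truncated = 0;
    if (!buf || !f) {
        free(buf);
        if (f) fclose(f);
        return -1;
    }
    fputs(text, f);
    rewind(f);
    enum line_status st;
    while ((st = read_line_checked(buf, cap, f)) != LINE_EOF) {
        n++;
        if (st == LINE_TRUNCATED)
            (*truncated)++;
    }
    fclose(f);
    free(buf);
    return n;
}

int main(void)
{
    char buff[16];   /* deliberately small so truncation is easy to trigger from stdin */
    enum line_status st;
    while ((st = read_line_checked(buff, sizeof buff, stdin)) != LINE_EOF) {
        if (st == LINE_TRUNCATED)
            printf("rejected: input longer than %zu bytes (kept \"%s\")\n", sizeof buff - 1, buff);
        else
            printf("accepted: \"%s\"\n", buff);
    }
    return 0;
}
```

Treating the truncated case as an error (rather than quietly using the partial buffer) is the behaviour the topic asks for when it says to handle data longer than the buffer; the drain loop is what keeps the next fgets call from reading the tail of the rejected line as if it were fresh input.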