PREfast Warning 209 (Windows CE 5.0)
209 - Using sizeof(<variable>) as parameter <number> in call to <function> where <variable> is an array of wide characters.
Question: Should this be character count rather than byte count?
This warning indicates that PREfast has identified a parameter to a function call that may incorrectly be a byte count instead of a character count.
This defect can result in a memory corruption or program crash, although some cases can result in an exploitable security hole.
Sometimes the heuristic PREfast uses can be incorrect for certain coding styles. Therefore, this warning might not correspond to a defect in the code.
A common cause of this defect comes from using sizeof on a character array. The sizeof operator always computes the number of bytes. For ANSI characters, this is the same as the number of characters, but for Unicode characters, it is twice the number of characters.
It is typically safe to compute the number of elements in an array by dividing the size of the array by the size of each individual element.
If PREfast knows that the specific function involved definitely takes a character count rather than a byte count, it produces the more precise warning 53 instead.
PREfast generates this warning in cases where:
- A variable is passed as one parameter and the sizeof that variable is passed as another parameter.
- Both the variable type and the formal parameter type are some variety of pointer-to-wide char.
Example
Defective Source
extern void my_wcsncpy(wchar_t *, wchar_t *, size_t);
WCHAR pPtr1[5];
my_wcsncpy(pPtr1, input, sizeof pPtr1);
Corrected Source
extern void my_wcsncpy(wchar_t *, wchar_t *, size_t);
WCHAR pPtr1[5];
my_wcsncpy(pPtr1, input, (sizeof pPtr1) / (sizeof pPtr1[0]));
Send Feedback on this topic to the authors