PREfast Warning 56 (Windows CE 5.0)
56 - Call to <function> does not validate buffer size.
Recommended Fix: Consider calling <function> instead.
This warning indicates that a function such as sprintf, which has no parameter for the maximum buffer size and is therefore prone to buffer overrun, was called even though an alternative function that takes the maximum buffer size exists.
This warning identifies an opportunity for defensive programming; it sometimes identifies a defect that can lead to an exploitable buffer overrun or crash.
PREfast attempts to suggest a safer function that can be called as an alternative.
Example
Defective Source
char buff[MAX_PATH];
// OemToChar takes (source, destination) and has no size parameter.
OemToChar(input, buff); // If strlen(input) >= MAX_PATH,
                        // this leads to buffer overrun.
Corrected Source
char buff[MAX_PATH];
// OemToCharBuff takes (source, destination, length); the length bounds the write to buff.
OemToCharBuff(input, buff, MAX_PATH);
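The same pattern for sprintf, which the description names, as an added example that is not part of the original topic. It assumes a toolchain with the standard C snprintf (the page does not name the replacement PREfast suggests for sprintf); BUF_LEN, build_unbounded, build_bounded and the sample file names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16  /* constructed size, small so truncation is easy to show */

/* Pattern the warning flags: sprintf has no size parameter, so a name
 * longer than the space left in dst is written past the end of dst.
 * Shown for contrast only; it is never called in this example. */
void build_unbounded(char *dst, const char *name)
{
    sprintf(dst, "dir\\%s", name);
}

/* Bounded replacement: snprintf is told the destination size, writes at
 * most dst_len bytes and NUL-terminates when dst_len > 0.
 * Returns 0 on success, -1 if the output was truncated or formatting failed.
 * A bounded call prevents the overrun but can silently truncate, so the
 * return value must be checked before the result is used as a path. */
int build_bounded(char *dst, size_t dst_len, const char *name)
{
    int n = snprintf(dst, dst_len, "dir\\%s", name);
    if (n < 0 || (size_t)n >= dst_len)
        return -1;
    return 0;
}

int main(void)
{
    char buf[BUF_LEN];
    /* Constructed inputs: one that fits, one that does not. */
    const char *names[] = { "a.txt", "a_much_longer_file_name.txt" };
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = build_bounded(buf, sizeof buf, names[i]);
        printf("%-28s rc=%d buf=\"%s\"\n", names[i], rc, buf);
    }
    return 0;
}
```

Rejecting the truncated result, rather than using it, keeps a shortened path from silently naming a different file.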