Compartilhar via


PREfast Warning 57 (Windows CE 5.0)

Send Feedback

57 - Buffer overrun due to number of characters/number of bytes mismatch in call to <function>.
Recommended Fix: Parameter should be '(sizeof <variable>)/(sizeof <variable>[0])'.

This warning indicates that a function that expects the number of characters is instead being passed the number of bytes.

With wide (Unicode) characters, the values are different. This defect can result in an exploitable buffer overrun or crash.

PREfast reports this warning only for a set of functions that are known to take a character count rather than a byte count, so this warning is extremely accurate.

In situations where PREfast is using a heuristic to determine whether a character count is required, it reports a warning 209 instead, which is potentially less accurate.

Sometimes this defect is comes from using sizeof on a character array. The sizeof operator always computes the number of bytes. For ANSI characters, this is the same as the number of characters, but for Unicode characters, it is twice the number of characters.

It is typically safe to compute the number of elements in an array by dividing the size of the array by the size of each individual element.

Example

Defective Source

TCHAR buff[128];

(void)LoadString(hInst,
                 uID,
                 buff,
                 sizeof buff); // Wrong in Unicode case

Corrected Source

TCHAR buff[128];

(void)LoadString(hInst,
                 uID,
                 buff,
                 (sizeof buff)/(sizeof buff[0]);

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.