Code Analysis rule C6386 seems to report many false Write Buffer Overrun message
Hi,
why does Code Analysis complain on next peace of code ?
we have many loops where the same issue is reported where we loop on (int i = 0 ; i < size ; i++ )
_TCHAR * Name = new _TCHAR[String.GetLength() + 2];
Name[0] = LanguageKey;
for (i=0; i < String.GetLength(); i++)
Name[i + 1] = String.GetAt(i);
Name[i+1] = 0x00;
i get next details :
C6386 Write overrun
Buffer overrun while writing to 'Name': the writable size is '(String.public: int __cdecl ATL::CSimpleStringT<char,0>::GetLength(void)const ()+2)*1' bytes, but '4' bytes might be written.
WinRoute
gr_configuration.cpp
453
'Name' is an array of 3 elements (3 bytes)
446
Enter this loop, (assume 'i<String.GetLength()')
450
Continue this loop, (assume 'i<String.GetLength()')
450
'i' may equal 2
450
Exit this loop, ('i<String.GetLength()' is false)
450
Invalid write to 'Name[3]', (writable range is 0 to 2)
453
I think that actually if "i" may be 2 then it means the String.GetLenght() is at least 3 ( because i < String.GetLenght() ) in the
loop condition. So then the array has at least lenght of (3 + 2) * sizeof(_TCHAR) , making it writable to at least Name[3] ( and even Name[4] )
Thanks,
It seems to me Code Analysis is wrong.
You can also try single stepping using VS debugger, and check that index (i+1) at the end of the loop is just fine and in-bounds.
Anyway, I wonder why don't you just use string concatenation operations (i.e. operator+=) instead of writing manual concatenation code?
If you need a raw character pointer from the built string (e.g. for some legacy C API interop), you can always call CString::GetString() to get it (or use implicit CString conversion operator).
Giovanni
Similar Messages
-
Static Code Analysis Suppression
Is there a way to suppress code analysis errors that are coming from a referenced database when the referenced database is added as "Database location: Same database". I still want to enforce the rules in my code, but another team owns dbo and
provided me a dacpac. This also happens when the underlying database is added as a project reference.
Below is a snippet from the StaticCodeAnalysis.Results.xml file.
<?xml version="1.0" encoding="utf-8"?>
<Problems>
<Problem>
<Rule>Microsoft.Rules.Data.SR0009</Rule>
<ProblemDescription>Avoid NVARCHAR of only one element.</ProblemDescription>
<SourceFile />
<Line>0</Line>
<Column>0</Column>
<Severity>Error</Severity>
</Problem>
</Problems>Hi Mark, are you using the latest version of the tools? This seems like an error as we wouldn't expect analysis of referenced code. If this is happening on our latest update could you please file
a connect bug for this issue at https://connect.microsoft.com/SQLServer/feedback/CreateFeedback.aspx and
use the category "Developer Tools(SSDT, BIDS, etc.)". We're trying to track all bugs through connect so that you can tell when we have fixed the issue and we can request more information.
Thanks,
Kevin -
Source Code Analysis tool for BPEL (and BPMN) 11g
Hi,
We are checking for the availablility of 'source code analysis' tools (analogy like findbug, checkstyle) for BPEL / BPMN Orchestrations.
Any information/pointers to it is really valuable and appreciated.
Thanks,
Pavan.Hi AnujaMoharir,
Welcome to MSDN.
I am afraid that as Renee Culver said, these forums donot support VB6, you could refer to this thread:
Where to post your VB 6 questions
You could consider posting this issue in these forums below:
These forums do not support Visual Basic 6, however there are many third-party support sites that do. If you have a VB6-related question please visit these popular forums:
VB Forums
VB City
Thanks for your understanding.
Best Regards,
Youjun Tang
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
TFS Build - Code Analysis is not happening.
Dear support,<o:p style="font-family:'Times New Roman';font-size:medium;line-height:normal;"></o:p>
<o:p style="font-family:'Times New Roman';font-size:medium;line-height:normal;"> </o:p>
I have the following issue with TFS build system.
<o:p style="font-family:'Times New Roman';font-size:medium;line-height:normal;"> </o:p>
Although I have configured the projects in my solutions to run the static code analysis during build, and I have created a build definition to build these solutions, I’m unable
to get the corresponding static code analysis report in the build summary. This is also the case if I set Perform Code Analysis to Always in the build definition. Is this a bug or am I missing something?
Regards
HemHi Hem,
Thanks for your reply.
You’re using TFS 2013 Update 4?
Do you mean that you have installed the VS 2013 Premium on your build agent machine, and if you manually build your solution using this VS 2013 Premium on build agent machine, the code analysis result show correctly in build result?
Please follow the steps in document to check your solution and build definition settings:
https://msdn.microsoft.com/en-us/library/bb668977.aspx?f=255&MSPPError=-2147217396.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Unable to run code analysis with WDK 9926
Hi,
I am trying to run code analysis with WDK 9926 and seeing below issue? can anybody help me to resolve this ?
Error:
====
C:\sw\dev\T4\windows\Src\kernel\vbd>msbuild.exe cht4vbd.vcxproj /p:Configuration="Windows 8.1 Debug" /P:Platform=x64 /P:RunCodeAnalysisOnce=True
Microsoft (R) Build Engine version 12.0.21005.1
[Microsoft .NET Framework, version 4.0.30319.33440]
Copyright (C) Microsoft Corporation. All rights reserved.
Build started 4/7/2015 12:08:30 AM.
Project "C:\sw\dev\T4\windows\Src\kernel\vbd\cht4vbd.vcxproj" on node 1 (defaul
t targets).
DriverBuildNotifications:
Building 'cht4vbd' with toolset 'WindowsKernelModeDriver10.0' and the 'Deskto
p' target platform.
Using KMDF 1.11.
PrepareForBuild:
Creating directory "x64\Windows8.1Debug\".
Creating directory "C:\sw\dev\T4\windows\Src\kernel\vbd\x64\Windows8.1Debug\c
hk\x64\".
Creating directory "x64\Windows8.1Debug\cht4vbd.tlog\".
InitializeBuildStatus:
Creating "x64\Windows8.1Debug\cht4vbd.tlog\unsuccessfulbuild" because "Always
Create" was specified.
StampInf:
c:\Program Files (x86)\Windows Kits\10\bin\x86\stampinf.exe -d "*" -a "amd64"
-k "1.11" -f x64\Windows8.1Debug\chvbdx64.inf
Copying "C:\sw\dev\T4\windows\Src\kernel\vbd\chvbdx64.inf" to "x64\Windows8.1
Debug\chvbdx64.inf" for stamping
Using version information from c:\Program Files (x86)\Windows Kits\10\Include
\shared\\ntverp.h
Could not open version header file c:\Program Files (x86)\Windows Kits\10\Inc
lude\shared\\bldnump.h. (0x00000002)
Could not determine version information. Please specify using -v option.
Updates common INF file directives
USAGE:
stampinf -f filename [-s section] [-d <xx/yy/zzzz> | *]
-a architecture -n [-c catalogfile]
[-v <w.x.y.z> | *]
[-k nnnnn] [-u nnnnn]
[-i path]
-f specifies the INF file to process
-s specifies the INF section to place the DriverVer= directive. By
default this directive is placed in the [Version] section.
-d specifies the date written in the DriverVer= directive. Note that
a '*' given for a date value means for stampinf to write the
current date. If the date is not specified, the date is taken
from the STAMPINF_DATE environment variable.
-v specifies the version written in the DriverVer= directive. Note
that a '*' given for a version value means for stampinf to write
the current time (h.m.s.ms). This is useful during development
in order to get increasing version numbers. If the version is not
specified, its value is taken from the STAMPINF_VERSION
environment variable.
-a specifies the architecture string to replace the $ARCH$ keyword.
The $ARCH$ keyword is used to tailor a TargetOSVersion decoration
in a [Manufacturer] section, as well as its respective section
name, to a specific platform. If no value is specified, stampinf
takes its value from the _BuildArch environment variable.
-c specifies the value to be written in the CatalogFile= directive
in the [Version] section. By default, this directive is not
written.
-k specifies the version of KMDF that this driver depends on. This
is used to tailor the KmdfLibraryVersion & KMDF co-installer name
in the INF. This will replace the $KMDFVERSION$ and
$KMDFCOINSTALLERVERSION$ keywords in the INF. The string is of
the format:
<major_version>.<minor_version>
As an example, supplying 1.5 as the version string will result in
values of 1.5 and 01005 for the two keywords (respectively).
-u specifies the version of UMDF that this driver depends on. This
is used to tailor the UmdfLibraryVersion & UMDF co-installer name
in the INF. This will replace the $UMDFVERSION$ and
$UMDFCOINSTALLERVERSION$ keywords in the INF. The string is of
the format:
<major_version>.<minor_version>.<service_version>
(where service_version is generally zero)
As an example, supplying 1.5.0 as the version string will result
in values of 1.5.0 and 01005 for the two keywords (respectively).
-i specifies the location of ntverp.h file.
path represent the fully qualified
location of the directory containing ntverp.h.
-n noisy mode shows verbose stampinf output
-x removes the coinstaller tag from the file and replaces the line w
ith a ";"
NOTES:
The environment variable PRIVATE_DRIVER_PACKAGE can be set to
enable stampinf's 'developer mode' behavior. When this is
set, the date and version used for DriverVer is set to the
current date and time, regardless of the command line
settings. Also, 'CatalogFile=delta.cat' is written to the
version section, unless a catalog was already specified
with '-c'.
c:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets(355,5
): error MSB6006: "stampinf.exe" exited with code 1. [C:\sw\dev\T4\windows\Src\
kernel\vbd\cht4vbd.vcxproj]
Done Building Project "C:\sw\dev\T4\windows\Src\kernel\vbd\cht4vbd.vcxproj" (de
fault targets) -- FAILED.
Build FAILED.
"C:\sw\dev\T4\windows\Src\kernel\vbd\cht4vbd.vcxproj" (default target) (1) ->
(StampInf target) ->
c:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets(355
,5): error MSB6006: "stampinf.exe" exited with code 1. [C:\sw\dev\T4\windows\Sr
c\kernel\vbd\cht4vbd.vcxproj]
0 Warning(s)
1 Error(s)
Time Elapsed 00:00:04.07
Thanks, KrishnaHi,
I am trying to run code analysis with WDK 9926 and seeing below issue? can anybody help me to resolve this ?
Error:
====
C:\sw\dev\T4\windows\Src\kernel\vbd>msbuild.exe cht4vbd.vcxproj /p:Configuration="Windows 8.1 Debug" /P:Platform=x64 /P:RunCodeAnalysisOnce=True
Microsoft (R) Build Engine version 12.0.21005.1
[Microsoft .NET Framework, version 4.0.30319.33440]
Copyright (C) Microsoft Corporation. All rights reserved.
Build started 4/7/2015 12:08:30 AM.
Project "C:\sw\dev\T4\windows\Src\kernel\vbd\cht4vbd.vcxproj" on node 1 (defaul
t targets).
DriverBuildNotifications:
Building 'cht4vbd' with toolset 'WindowsKernelModeDriver10.0' and the 'Deskto
p' target platform.
Using KMDF 1.11.
PrepareForBuild:
Creating directory "x64\Windows8.1Debug\".
Creating directory "C:\sw\dev\T4\windows\Src\kernel\vbd\x64\Windows8.1Debug\c
hk\x64\".
Creating directory "x64\Windows8.1Debug\cht4vbd.tlog\".
InitializeBuildStatus:
Creating "x64\Windows8.1Debug\cht4vbd.tlog\unsuccessfulbuild" because "Always
Create" was specified.
StampInf:
c:\Program Files (x86)\Windows Kits\10\bin\x86\stampinf.exe -d "*" -a "amd64"
-k "1.11" -f x64\Windows8.1Debug\chvbdx64.inf
Copying "C:\sw\dev\T4\windows\Src\kernel\vbd\chvbdx64.inf" to "x64\Windows8.1
Debug\chvbdx64.inf" for stamping
Using version information from c:\Program Files (x86)\Windows Kits\10\Include
\shared\\ntverp.h
Could not open version header file c:\Program Files (x86)\Windows Kits\10\Inc
lude\shared\\bldnump.h. (0x00000002)
Could not determine version information. Please specify using -v option.
Updates common INF file directives
USAGE:
stampinf -f filename [-s section] [-d <xx/yy/zzzz> | *]
-a architecture -n [-c catalogfile]
[-v <w.x.y.z> | *]
[-k nnnnn] [-u nnnnn]
[-i path]
-f specifies the INF file to process
-s specifies the INF section to place the DriverVer= directive. By
default this directive is placed in the [Version] section.
-d specifies the date written in the DriverVer= directive. Note that
a '*' given for a date value means for stampinf to write the
current date. If the date is not specified, the date is taken
from the STAMPINF_DATE environment variable.
-v specifies the version written in the DriverVer= directive. Note
that a '*' given for a version value means for stampinf to write
the current time (h.m.s.ms). This is useful during development
in order to get increasing version numbers. If the version is not
specified, its value is taken from the STAMPINF_VERSION
environment variable.
-a specifies the architecture string to replace the $ARCH$ keyword.
The $ARCH$ keyword is used to tailor a TargetOSVersion decoration
in a [Manufacturer] section, as well as its respective section
name, to a specific platform. If no value is specified, stampinf
takes its value from the _BuildArch environment variable.
-c specifies the value to be written in the CatalogFile= directive
in the [Version] section. By default, this directive is not
written.
-k specifies the version of KMDF that this driver depends on. This
is used to tailor the KmdfLibraryVersion & KMDF co-installer name
in the INF. This will replace the $KMDFVERSION$ and
$KMDFCOINSTALLERVERSION$ keywords in the INF. The string is of
the format:
<major_version>.<minor_version>
As an example, supplying 1.5 as the version string will result in
values of 1.5 and 01005 for the two keywords (respectively).
-u specifies the version of UMDF that this driver depends on. This
is used to tailor the UmdfLibraryVersion & UMDF co-installer name
in the INF. This will replace the $UMDFVERSION$ and
$UMDFCOINSTALLERVERSION$ keywords in the INF. The string is of
the format:
<major_version>.<minor_version>.<service_version>
(where service_version is generally zero)
As an example, supplying 1.5.0 as the version string will result
in values of 1.5.0 and 01005 for the two keywords (respectively).
-i specifies the location of ntverp.h file.
path represent the fully qualified
location of the directory containing ntverp.h.
-n noisy mode shows verbose stampinf output
-x removes the coinstaller tag from the file and replaces the line w
ith a ";"
NOTES:
The environment variable PRIVATE_DRIVER_PACKAGE can be set to
enable stampinf's 'developer mode' behavior. When this is
set, the date and version used for DriverVer is set to the
current date and time, regardless of the command line
settings. Also, 'CatalogFile=delta.cat' is written to the
version section, unless a catalog was already specified
with '-c'.
c:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets(355,5
): error MSB6006: "stampinf.exe" exited with code 1. [C:\sw\dev\T4\windows\Src\
kernel\vbd\cht4vbd.vcxproj]
Done Building Project "C:\sw\dev\T4\windows\Src\kernel\vbd\cht4vbd.vcxproj" (de
fault targets) -- FAILED.
Build FAILED.
"C:\sw\dev\T4\windows\Src\kernel\vbd\cht4vbd.vcxproj" (default target) (1) ->
(StampInf target) ->
c:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets(355
,5): error MSB6006: "stampinf.exe" exited with code 1. [C:\sw\dev\T4\windows\Sr
c\kernel\vbd\cht4vbd.vcxproj]
0 Warning(s)
1 Error(s)
Time Elapsed 00:00:04.07
Thanks, Krishna -
HT4480 I have redemption codes for FCP from my university - how many machines can I install on?
I have redemption codes for FCP from my university - how many machines can I install on?
Do you have these codes because this will be your app? Or is this a "loan" from the school to install on your machine? Do you use your own Apple ID to redeem the code and install the app?
If it is your app, then you may install it on as many Macs as you own or have in your control. -
Is there any transaction code for uploding logo in ALV reports.
is there any transaction code for uploding logo in ALV reports.
hi,
call function 'REUSE_ALV_COMMENTARY_WRITE'
exporting
it_list_commentary = t_header.
i_logo = 'Z_LOGO'.
endform.
Upload Logo for REUSE_ALV_COMMENTARY_WRITE
For those who wish to upload and use a picture in your ALV abap reports.
Steps for uploading Logo :-:
1. Goto the transaction OAER
2. Enter the class name as 'PICTURES'
3. Enter the class type as 'OT'
4. Enter the object key as the name of the logo you wish to give
5. Execute
6. Then in the new screen select Standard doc. types in bottom window
Click on the Screen icon
Now, it will ask for the file path where you have to upload the logo
7. Now you can use this logo in REUSE_ALV_COMMENTARY_WRITE
or
Import Logo and Background Picture for Reporting
In this step, you can import a customer-specific logo and a background picture into the R/3 System. These will be displayed in the header area of reports in HR Funds and Position Management.
From the SPRO:
HR Funds and Position Management --> Dialog Control --> Customize Reporting Interface --> Import Logo and Background Picture for Reporting.
Activities
1. Enter the Name of your logo/background picture as an object key in the initial screen.
2. Make sure that the class name is PICTURES, and the class type is OT.
3. Choose Execute.
4. Double-click the document type Picture on the Create tab page. A dialog box will appear in which you can enter the path in which the logo/background picture can be found.
5. Enter the path and choose Open. The logo will be uploaded into the current R/3 System. If the logo/background picture is to be transported into other systems as well, choose Transport.
6. Return to the initial screen and repeat the procedure after having entered the Name of your background picture as an object key.
Please note that the logo/background picture can only be displayed in ALV-based reports with an HTML header. Manually programmed reports such as business distribution plans are not based on the ALV.
If you have selected several initial objects, ALV-based reports in HR Funds and Position Management will automatically use a hiearchical-sequential display. A logo is not displayed here either. Note also that the logo cannot be printed (see print preview in program).
Make sure that the logo does not exceed a height of 100 pixels because it would mean that the header of the report will be scrollable. -
Tax code not displaying in me2j - Need Report for PO tax codes
Dear Guru's,
For Trading materials, while creating PO, we are inserting Tax codes in "Invoicing Tab". But the same(TAX CODE) is not displaying in ME2J report.
But For service materials, we are entering tax codes in the "Services Tab" and it is displaying in the report ME2J.
Kindly tell me a report where we can see the taxcodes for PO.
Regards,
deepaSir,
I did that already, but no code is displaying in that "Tax code Column" for Trading materials.
But tax code has been entered while creating PO in "Invoicing Tab" as "V0" for example.. V0 is not displaying in ME2J Report.
Pls. reply
Edited by: deepa rani on Jun 4, 2008 2:54 PM -
Colour code a column in an interactive report
Hi
Could anybody tell me how to colour code a column in an interactive report please.
I am using apex version 3.1.
Thanks in advanceWhen your IR is displayed, go to the Actions Menu, choose "Highlight" and enter the condition when which row or field should be highlighted.
brgds,
Peter
Blog: http://www.oracle-and-apex.com
ApexLib: http://apexlib.oracleapex.info
BuilderPlugin: http://builderplugin.oracleapex.info
Work: http://www.click-click.at -
Is there any plug-ins for static code analysis in Jdeveloper
Hi,
Is there any PMD, check style and static code analysis plug-ins available for JDeveloper? Those are available for Eclipse. How to achieve that in the JDeveloper?
Regards,
Raghu.This should help-
PMD plugin for JDeveloper 11.1.2.0
http://develishdevelopment.wordpress.com/2012/03/12/have-released-pmd-jdeveloper-extension-4-3/
Always mention you Jdev version. Here I just assumed yours :P -
T code for generating 103 mvt. document report.
What is the T-code used for getting the document report for Movement type 103
the document should have the following fields
Material : Description: Qty on order: Qty received: Value
& also the costing elements applied ( example freight charges, customs packaging etc. )
Pls. let me know if any of the Tcodes comes close to meet this requirmentHi, Try MB51 / MB59, with 103 Mvt type & 'Trans./Event Type' - WE,after executing go to details list (Ctrl + Shift + F12) here change the layout & check if you are able to achieve your requirement or get it developed by your abapers as per your requirement, no such std. report.
-
Source code analysis tools for ActionScript 2?
I have been tasked with performing source code analysis on a very large (>1000 files) AS2 codebase.
Not surprisingly, Googling is not yielding useful results. Before declaring defeat, I felt it important to query this forum.
Any guidance would be appreciated.We'd like to evaluate the hundreds of files using a static analysis tool, just as one would use lint for a C codebase.
Thanks,
M -
Business Rule variable in Essbase report
Hi,
I need to create a report where I will use the variable (created as Business Rules variable e.g.- [BudYear],[CurrVersion] etc) but it is not working. If I use [BudYear] it is just showing the dimension name in report as 'Year'. But when I use any exxbase substitution variable (e.g.- &CurYear etc) it is working fine. So, can it be possible to use business rules variable in essbase reports?
Can it be possible to save the essbase report in comma delimited format (I am only getting tab delimited option). Please revert back.
Thanks & Regards.As John rightly said, HBR rules are only applicable within HBR. What you want is an Essbase Substitution Variable. So long as the value does not get selected interactively in the HBR, you can use a Substitution Variable instead. An example would be something like current year -- this isn't going to get changed by the users via a Planning form or a prompt.
HBRs, Calc Scripts, member formulas, load rules, and of course Essbase report scripts can all read substitution variables. See the DBAG for more information. Personally, I only use HBR variables, local or global, for items off the POV or driven by a run-time prompt.
Unfortunately, a comma delimted file is a pain in a report script -- you have to make your columns fixed length and then use the MASK command to put the commas in -- ugh. However tab delimited files are an option. I've never found an IT group that couldn't handle the latter format.
You may also go with the the DATAEXPORT calc script command -- a comma delmited output is possible with that command and of course it supports Essbase substitution variables.
Regards,
Cameron Lackpour -
Java static code analysis tool on Windows
What Java static source code analysis tool are there on Microsoft Windows, and which would you recommend?
I Know Coverity and
Klocwork
Edited by: Jennifer.helen on May 8, 2009 6:03 AMI submit PMD and Findbugs.
-
after several years of taking photos(thousands) I seem to have many duplicate photos in iPhoto. How do find them all without going through 10,000 photos? they are mostly scanned photos that I have reused over the years not ones that I have recently uploaded from my camera.
Thanks whoever can helpWhere are you seeing these duplicates? In the iPhoto window or in the Finder?
OT
Maybe you are looking for
-
made in cosmos help please need it using System; using Cosmos.Compiler.Builder; using System.Threading; using System.Windows.Forms; namespace IUOS class Program #region Cosmos Builder logic // Most users wont touch this. This will
-
Printing pages with in rang of pages
Dear fellows is there any paramater which can specify that from which page number to which page number it should be printed at run time if we send report directly to printer if we do not show print job dialog box. Thanking You, Chandan
-
Can i use the apple TV in India.
I am planning to purchase a apple TV. can i use it in india with some internet provider.
-
Hi Experts, I have a query in Graphical RFC Lookup function. I am working on Pi 7.1 and scenario is File to Idoc. In the file, material number is coming, and I have to find out the corresponding Customer number from ECC table using RFC Lookup. I know
-
Can't get album art from iTunes.
Ok, so we have the ability to get album artwork. I presume that iTunes contacts iTMS and searches for artwork. I have an album that is also on iTMS and I want to get the artwork. I click on get album artwork and then nothing. It is a soundtrack, so I