(C26489) How to use SAL to validate a dereferenced pointer from a structure pointer?

Matthew 1 Reputation point
2022-02-17T20:28:26.56+00:00

I'll have to set my pride aside and ask of the community how to best implement and correct my numerous C26489 code analysis warnings.

I have a structure that contains various member types (primitives, pointers to other structures, etc.), and I pass it in by pointer to a function.

Prior to using it, I validate the pointer to the structure is not nullptr.

I have a function I can call to validate the data contents of the pointed-to structure are as I expect them to be, and that returns a bool, true on Success.

However, I get constant Intellisense warnings throwing C26489 when I try to dereference anything in that structure. Trying to navigate the proper use cases of SAL annotations is an exercise in frustration (I find the documentation online and in the header file to be completely lacking), but I had thought to somehow annotate that, if my validation function returns Success, the object is completely valid. No combination of annotations seems to help, and I won't rule out my inexperience with SAL at an advanced level.

I thought using _Analysis_assume_ may help, but I don't know how to tell it the object is valid, just that it's not nullptr, and all members can be dereferenced without error.

It seems poor design to create local pointers for every member in the structure just to get the code analysis engine to be happy they aren't invalid.

I feel like this is such an elementary problem and I think that hits the ol' ego hard in this case... but I'm really behind on this project and I think asking the community is a smart move.

My best attempt at pseudocode on the quick, please forgive any crappy code or styling outside of the scope of the question:

    //  Define the structure for job information
    #include <windows.h>   // HWND, SendDlgItemMessage, LB_GETCURSEL, byte
    #include <sal.h>       // SAL annotations
    #include <string.h>    // memcmp

    // No trailing ';' on the macro, so it can be used directly as an initializer
    #define JOBINFO_HDR { (byte)1, (byte)64, (byte)16, (byte)0 }

    typedef struct _JobInfoA
    {
        const byte hdr[4] = JOBINFO_HDR; // static set of 4-bytes (JOBINFO_HDR) defining the content for later data validation, must be first 4 bytes in definition

        HWND ParentWnd = nullptr; // Parent window handle for UI dialogs
        char *JobID = nullptr; // ID for the job, based on the filename
        size_t JobIDLen = 0; // Byte size of the "JobID" member

        // (*Snip*) etc, etc, you get the idea
    } JobInfoA, *lpJobInfoA;

    _Success_(return) bool ValidateJobInfoA(_Inout_ _On_failure_(_At_(*jobinfo, _Post_invalid_)) JobInfoA** jobinfo)
    {
        // the code here checks for nullptr on the double pointer, and then validates the structure data members individually, returning true if all looks OK
        if (jobinfo == nullptr || *jobinfo == nullptr)
            return false;

        static const byte expected[4] = JOBINFO_HDR;
        if (memcmp((*jobinfo)->hdr, expected, sizeof expected) != 0)
            return false; // header tag does not match

        // (*Snip*) remaining per-member checks (JobID, JobIDLen, etc.) go here
        return true;
    }

    void samplefunction(lpJobInfoA Info)
    {
        int selindex = 0;

        if (Info == nullptr)
            return;

        if (!ValidateJobInfoA(&Info)) // call matches the definition above (was spelled validatejobinfo)
            return;

        // SendDlgItemMessage returns LRESULT; cast to the int the caller wants
        selindex = (int)SendDlgItemMessage(Info->ParentWnd, 601, LB_GETCURSEL, 0, 0); // Warning C26489 Don't dereference a pointer that may be invalid: 'Info->ParentWnd'. 'Info' may have been invalidated at line 0 (lifetime.1).
    }

Just to be clear, I want to try and satisfy the warning, not disable it.

Edit: I should point out before anyone else does, the SAL annotations on ValidateJobInfoA are my mucking around and I don't have confidence they are correct in this example.
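An added example that is not from the question or from Microsoft's SAL documentation: the validator takes the structure by a single `const` pointer, so the call cannot reassign the caller's `Info` and there is no `_Inout_` double pointer for the analyzer to treat as an invalidation of `Info`. `HandleT`, `HeaderIsJobInfo`, the `__has_include` fallback and the rule that `JobIDLen` counts the terminating NUL are assumptions of this example, and whether the lifetime checker accepts it must be confirmed in your own MSVC build.

```cpp
// Added example (not from the question): the validator takes the structure by
// a single const pointer, so the call cannot reassign the caller's pointer.
#include <cstddef>
#include <cstring>
#if __has_include(<sal.h>)
#include <sal.h>
#else
// Assumption: no sal.h outside MSVC, so the annotations become no-ops here.
#define _In_opt_
#define _In_reads_(n)
#define _Success_(expr)
#define _Must_inspect_result_
#endif

typedef unsigned char byte;   // same width as the byte type in the question
typedef void* HandleT;        // stands in for HWND so this builds anywhere

#define JOBINFO_HDR { (byte)1, (byte)64, (byte)16, (byte)0 }

typedef struct _JobInfoA
{
    const byte hdr[4] = JOBINFO_HDR;  // tag, must stay the first 4 bytes
    HandleT ParentWnd = nullptr;      // parent window handle for UI dialogs
    const char *JobID = nullptr;      // NUL-terminated ID for the job
    size_t JobIDLen = 0;              // byte size of JobID including the NUL
} JobInfoA;

// True when the 4-byte tag matches JOBINFO_HDR; reads exactly 4 bytes.
bool HeaderIsJobInfo(_In_reads_(4) const byte* hdr)
{
    static const byte expected[4] = JOBINFO_HDR;
    return std::memcmp(hdr, expected, sizeof expected) == 0;
}

// True only when every member is consistent; the pointer is read, never written
// through. JobIDLen is the trusted bound for the JobID scan (a claim larger than
// the real buffer cannot be detected here), hence the bounded memchr.
_Success_(return) _Must_inspect_result_
bool ValidateJobInfoA(_In_opt_ const JobInfoA* jobinfo)
{
    if (jobinfo == nullptr || !HeaderIsJobInfo(jobinfo->hdr))
        return false;
    if (jobinfo->JobID == nullptr || jobinfo->JobIDLen == 0)
        return false;
    const void* nul = std::memchr(jobinfo->JobID, '\0', jobinfo->JobIDLen);
    if (nul == nullptr)
        return false;   // no terminator inside the declared size
    // The terminator must sit exactly at JobIDLen - 1, else the length lies.
    return static_cast<const char*>(nul) == jobinfo->JobID + jobinfo->JobIDLen - 1;
}
```

The caller then writes `if (!ValidateJobInfoA(Info)) return;` and dereferences `Info` afterwards without having handed `&Info` to anything.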
