Warning C26459
You called an STL function '%function%' with a raw pointer parameter at position '%position%' that may be unsafe - this relies on the caller to check that the passed values are correct. Consider wrapping your range in a gsl::span and pass as a span iterator (stl.1)
Remarks
Out of bound writes are one of the leading causes of remote code execution vulnerabilities. One remedy is to use bounds checked data structures like gsl::span. This warning identifies cases where Standard Template Library (STL) algorithms operate on raw pointers as output ranges. Raw pointers aren't bounds checked. To prevent vulnerabilities, use gsl::span instead.
Code analysis name: NO_RAW_POINTER_IN_STL_RANGE_CHECKED
Example
The following code demonstrates undefined behavior because there isn't any bounds checking and copy_if writes beyond the provided storage.
void f()
{
std::vector<int> myints = { 10, 20, 30, 40, 50, 60, 70 };
int mydestinationArr[7] = { 10, 20, 80 };
std::copy_if(myints.begin(), myints.end(), mydestinationArr, [](int i) { return !(i<0); }); // Warning: C26459
}
To fix the warning, use gsl::span to make sure the output range is bounds checked:
void f()
{
std::vector<int> myints = { 10, 20, 30, 40, 50, 60, 70 };
int mydestinationArr[7] = { 10, 20, 80 };
gsl::span<int> mySpan{mydestinationArr};
std::copy_if(myints.begin(), myints.end(), mySpan.begin(), [](int i) { return !(i<0); }); // No warning
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for