Warning C26833
Allocation size might be the result of a numerical overflow before the bound check
Remarks
This warning reports that the size specified for an allocation may be the result of a numerical overflow. For example:
void* SmallAlloc(int);
void foo(unsigned i, unsigned j)
{
unsigned size = i + j;
if (size > 50)
{
return;
}
int* p = (int*)SmallAlloc(size + 5); // Warning: C26833
p[j] = 5;
}
The check for size > 50 is too late. If i + j overflows, it produces a small value that passes the check. Then, SmallAlloc allocates a buffer smaller than expected. That will likely lead to out of bounds attempts to access the buffer later on. This code pattern can result in remote code execution vulnerabilities.
This check applies to common allocation functions like new, malloc, and VirtualAlloc. The check also applies to custom allocator functions that have alloc (case insensitive) in the function name.
This check sometimes fails to recognize that certain checks can prevent overflows because the check is conservative.
This warning is available in Visual Studio 2022 version 17.7 and later versions.
Example
To fix the previous code example, make sure i+j can't overflow. For example:
void* SmallAlloc(int);
void foo(unsigned i, unsigned j)
{
if (i > 100 || j > 100)
{
return;
}
unsigned size = i + j;
if (size > 50)
{
return;
}
int* p = (int*)SmallAlloc(size + 5);
p[j] = 5;
}