C6327
warning C6327: Potential buffer overrun: SysAllocStringLen copies <number> characters from the string <variable> without validating the number of characters to copy. The code may crash
This warning indicates a potential buffer overrun. SysAllocStringLen allocates a string and then copies the specified number of characters from the specified string. Because SysAllocStringLen does not validate the number of characters to copy, if the number of characters specified is larger than the number of characters in the string, the code might crash. You must pass correct number of characters to the SysAllocString function to avoid buffer overrun.
Example
The following sample code generates this warning:
#include <windows.h>
void f ()
{
BSTR bstr;
bstr = SysAllocStringLen(L"txt", 5); // warning 6327
// code...
SysFreeString(bstr);
}
To correct this warning, pass the correct string length as shown in the following code:
#include <windows.h>
void f()
{
BSTR bstr;
wchar_t *greeting=L"Hello, World!";
bstr = SysAllocStringLen(greeting, sizeof(greeting));
// code...
SysFreeString(bstr);
}