Merge pull request #4921 from MicrosoftDocs/main

5/22 AM Publish

Author: huypub

docs/code-quality/c26831.md

@@ -0,0 +1,61 @@
+---
+title: Warning C26831
+description: "Describes the Microsoft C/C++ code analysis warning C26831, its causes, and how to address it."
+ms.date: 03/20/2023
+f1_keywords: ["C26831", "ALLOCATION_POTENTIAL_OVERFLOW"]
+helpviewer_keywords: ["C26831"]
+---
+# Warning `C26831`
+
+> Allocation size might be the result of a numerical overflow
+
+## Remarks
+
+This warning reports that the size specified for an allocation may be the result of a numerical overflow. For example:
+
+```cpp
+void *SmallAlloc(int);
+
+void foo(int i, int j)
+{
+    int* p = (int*)SmallAlloc(i + j); // Warning: C26831
+    p[i] = 5;
+}
+```
+
+If `i+j` overflows, `SmallAlloc` returns a buffer that is smaller than expected. That will likely lead to out of bounds attempts to access the buffer later on. This code pattern can result in remote code execution vulnerabilities.
+
+The check applies to common allocation functions like `new`, `malloc`, and `VirtualAlloc`. The check also applies to custom allocator functions that have `alloc` (case insensitive) in the function name.
+
+This check sometimes fails to recognize that certain checks can prevent overflows because the check is conservative.
+
+This warning is available in Visual Studio 2022 version 17.7 and later versions.
+
+## Example
+
+To fix the previous code example in which `i+j` might overflow, introduce a check to make sure it won't. For example:
+
+```cpp
+void *SmallAlloc(int);
+
+void foo(int i, int j)
+{
+    if (i < 0 || j < 0 )
+    {
+        return;
+    }
+
+    if (i > 100 || j > 100)
+    {
+        return;
+    }
+
+    int* p = (int*)SmallAlloc(i + j);
+    p[i] = 5;
+}
+```
+
+## See also
+
+[`C26832`](c26832.md)\
+[`C26833`](c26833.md)

docs/code-quality/c26832.md

@@ -0,0 +1,58 @@
+---
+title: Warning C26832
+description: "Describes the Microsoft C/C++ code analysis warning C26832, its causes, and how to address it."
+ms.date: 03/20/2023
+f1_keywords: ["C26832", "ALLOCATION_POTENTIAL_OVERFLOW_AFTER_CAST"]
+helpviewer_keywords: ["C26832"]
+---
+# Warning `C26832`
+
+> Allocation size is the result of a narrowing conversion that could result in overflow
+
+## Remarks
+
+This warning reports that the size specified for an allocation may be the result of a narrowing conversion that results in a numerical overflow. For example:
+
+```cpp
+void* SmallAlloc(int);
+
+void foo(unsigned short i, unsigned short j)
+{
+    unsigned short size = i + j;
+    
+    int* p = (int*)SmallAlloc(size); // Warning: C26832
+    p[i] = 5;
+}
+```
+
+In the expression `i + j`, both `i` and `j` are promoted to integers, and the result of the addition is stored in a temporary integer. Then, the temporary integer is implicitly cast to an `unsigned short` before the value is stored in `size`. The cast to `unsigned short` might overflow, in which case `SmallAlloc` may return a smaller buffer than expected. That will likely lead to out of bounds attempts to access the buffer later on. This code pattern can result in remote code execution vulnerabilities
+
+This check applies to common allocation functions like `new`, `malloc`, and `VirtualAlloc`. The check also applies to custom allocator functions that have `alloc` (case insensitive) in the function name.
+
+This check sometimes fails to recognize that certain checks can prevent overflows because the check is conservative.
+
+This warning is available in Visual Studio 2022 version 17.7 and later versions.
+
+## Example
+
+To fix the previous code example in which `i+j` might overflow, introduce a check to make sure it won't. For example:
+
+```cpp
+void *SmallAlloc(int);
+
+void foo(unsigned short i, unsigned short j)
+{
+    if (i > 100 || j > 100)
+        return;
+
+    unsigned short size = i + j;
+    
+    int* p = (int*)SmallAlloc(size);
+    p[i] = 5;
+}
+```
+
+## See also
+
+[`C26831`](c26831.md)\
+[`C26833`](c26833.md)

docs/code-quality/c26833.md

@@ -0,0 +1,70 @@
+---
+title: Warning C26833
+description: "Describes the Microsoft C/C++ code analysis warning C26833, its causes, and how to address it."
+ms.date: 03/20/2023
+f1_keywords: ["C26833", "ALLOCATION_POTENTIAL_OVERFLOW_BEFORE_CHECK"]
+helpviewer_keywords: ["C26833"]
+---
+# Warning `C26833`
+
+> Allocation size might be the result of a numerical overflow before the bound check
+
+## Remarks
+
+This warning reports that the size specified for an allocation may be the result of a numerical overflow. For example:
+
+```cpp
+void* SmallAlloc(int);
+
+void foo(unsigned i, unsigned j)
+{
+    unsigned size = i + j;
+
+    if (size > 50)
+    {
+        return;
+    }
+
+    int* p = (int*)SmallAlloc(size + 5); // Warning: C26833
+    p[j] = 5;
+}
+```
+
+The check for `size > 50` is too late. If `i + j` overflows, it produces a small value that passes the check. Then, `SmallAlloc` allocates a buffer smaller than expected. That will likely lead to out of bounds attempts to access the buffer later on. This code pattern can result in remote code execution vulnerabilities.
+
+This check applies to common allocation functions like `new`, `malloc`, and `VirtualAlloc`. The check also applies to custom allocator functions that have `alloc` (case insensitive) in the function name.
+
+This check sometimes fails to recognize that certain checks can prevent overflows because the check is conservative.
+
+This warning is available in Visual Studio 2022 version 17.7 and later versions.
+
+## Example
+
+To fix the previous code example, make sure `i+j` can't overflow. For example:
+
+```cpp
+void* SmallAlloc(int);
+
+void foo(unsigned i, unsigned j)
+{
+    if (i > 100 || j > 100)
+    {
+        return;
+    }
+
+    unsigned size = i + j;
+
+    if (size > 50)
+    {
+        return;
+    }
+
+    int* p = (int*)SmallAlloc(size + 5);
+    p[j] = 5;
+}
+```
+
+## See also
+
+[`C26831`](c26831.md)\
+[`C26832`](c26832.md)

docs/code-quality/c26835.md

@@ -0,0 +1,45 @@
+---
+title: Warning C26835
+description: "Describes the Microsoft C/C++ code analysis warning C26835, its causes, and how to address it."
+ms.date: 03/20/2023
+f1_keywords: ["C26835", "RTL_COMPARE_MEMORY_MISUSE"]
+helpviewer_keywords: ["C26835"]
+---
+# Warning `C26835`
+
+> `RtlCompareMemory` returns the number of matching bytes. Consider replacing this call with `RtlEqualMemory`
+
+## Remarks
+
+When `RtlCompareMemory`'s return value is treated as a boolean, it evaluates to true when there is at least 1 equal byte before finding a difference. Moreover, comparing the result of `RtlCompareMemory` to 0 evaluates to false if there is at least 1 matching byte. This behavior may be unexpected because it's different from other comparison functions such as `strcmp`, making the code harder to understand. To check for equality, consider using `RtlEqualMemory` instead.
+
+This warning is available in Visual Studio 2022 version 17.7 and later versions.
+
+## Example
+
+```cpp
+int foo(const void* ptr)
+{
+    if (RtlCompareMemory("test", ptr, 5) == 0) // C26835
+    {
+        // ... 
+    }
+}
+```
+
+To fix the issue, verify if the original intention was to check for equality and replace the function call with `RtlEqualMemory`:
+
+```cpp
+int foo(const void* ptr)
+{
+    if (RtlEqualMemory("test", ptr, 5)) // C26835
+    {
+        // ... 
+    }
+}
+```
+
+## See also
+
+[`RtlEqualMemory` macro (`wdm.h`)](/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlequalmemory)\
+[`RtlCompareMemory` function (`wdm.h`)](/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlcomparememory)

docs/code-quality/toc.yml

@@ -611,6 +611,14 @@ items:
     href: ../code-quality/c26829.md
   - name: Warning C26830
     href: ../code-quality/c26830.md
+  - name: Warning C26831
+    href: ../code-quality/c26831.md
+  - name: Warning C26832
+    href: ../code-quality/c26832.md
+  - name: Warning C26833
+    href: ../code-quality/c26833.md
+  - name: Warning C26835
+    href: ../code-quality/c26835.md
   - name: Warning C26859
     href: ../code-quality/c26859.md
   - name: Warning C26860