Merge pull request #4562 from corob-msft/learn/corob/ca-acrolinx-1

Update CA warnings as prototypes

Author: Stacyrch140

docs/code-quality/c6001.md

@@ -1,17 +1,21 @@
 ---
-description: "Learn more about: C6001"
-title: C6001
-ms.date: 11/04/2016
+description: "Learn more about: Warning C6001"
+title: Warning C6001
+ms.date: 10/04/2022
 ms.topic: reference
-f1_keywords: ["C6001"]
+f1_keywords: ["C6001", "USING_UNINIT_VAR", "__WARNING_USING_UNINIT_VAR"]
 helpviewer_keywords: ["C6001"]
 ms.assetid: 55e779f1-7295-48f7-8ce1-b43898b36cd8
 ---
-# C6001
+# Warning C6001
 
-> warning C6001: using uninitialized memory \<variable>
+> Using uninitialized memory '*variable*'.
 
-This warning is reported when an uninitialized local variable is used before it is assigned a value. This could lead to unpredictable results. You should always initialize variables before use.
+## Remarks
+
+This warning is reported when an uninitialized local variable is used before it's assigned a value. This usage could lead to unpredictable results. You should always initialize variables before use.
+
+Code analysis name: `USING_UNINIT_VAR`
 
 ## Example
 

docs/code-quality/c6011.md

@@ -1,18 +1,22 @@
 ---
-title: C6011
+title: Warning C6011
 description: "Reference for Visual Studio C++ code analysis warning C6011."
-ms.date: 03/23/2020
+ms.date: 10/04/2022
 ms.topic: reference
-f1_keywords: ["C6011"]
+f1_keywords: ["C6011", "DEREF_NULL_PTR", "__WARNING_DEREF_NULL_PTR"]
 helpviewer_keywords: ["C6011"]
 ms.assetid: 54b7bc2b-b8f5-43fc-a9a3-8189b03f249a
 ---
-# C6011
+# Warning C6011
 
-> warning C6011: dereferencing NULL pointer \<name>
+> Dereferencing NULL pointer '*pointer-name*'.
+
+## Remarks
 
 This warning indicates that your code dereferences a potentially null pointer. If the pointer value is invalid, the result is undefined. To resolve the issue, validate the pointer before use.
 
+Code analysis name: `DEREF_NULL_PTR`
+
 ## Example
 
 The following code generates this warning because a call to `malloc` might return null if insufficient memory is available:
@@ -59,12 +63,12 @@ void f([Pre(Null=Yes)] char* pc)
 }
 ```
 
-The careless use of `malloc` and `free` leads to memory leaks and exceptions. To minimize these kinds of leaks and exception problems altogether, avoid allocating raw memory yourself. Instead, use the mechanisms provided by the C++ Standard Library (STL). These include [shared_ptr](../standard-library/shared-ptr-class.md), [unique_ptr](../standard-library/unique-ptr-class.md), and [vector](../standard-library/vector.md). For more information, see [Smart Pointers](../cpp/smart-pointers-modern-cpp.md) and [C++ Standard Library](../standard-library/cpp-standard-library-reference.md).
+The careless use of `malloc` and `free` leads to memory leaks and exceptions. To minimize these kinds of leaks and exception problems altogether, avoid allocating raw memory yourself. Instead, use the mechanisms provided by the C++ Standard Library (STL). These include [`shared_ptr`](../standard-library/shared-ptr-class.md), [`unique_ptr`](../standard-library/unique-ptr-class.md), and [`vector`](../standard-library/vector.md). For more information, see [Smart Pointers](../cpp/smart-pointers-modern-cpp.md) and [C++ Standard Library](../standard-library/cpp-standard-library-reference.md).
 
 ## See also
 
 - [Using SAL Annotations to reduce code defects](using-sal-annotations-to-reduce-c-cpp-code-defects.md)
-- [NULL](../c-runtime-library/null-crt.md)
+- [`NULL`](../c-runtime-library/null-crt.md)
 - [Indirection and Address-of Operators](../c-language/indirection-and-address-of-operators.md)
-- [malloc](../c-runtime-library/reference/malloc.md)
-- [free](../c-runtime-library/reference/free.md)
+- [`malloc`](../c-runtime-library/reference/malloc.md)
+- [`free`](../c-runtime-library/reference/free.md)

docs/code-quality/c6014.md

@@ -9,14 +9,20 @@ ms.assetid: ef76ec88-74d2-4a3b-b6fe-4b0851ab3372
 ---
 # Warning C6014
 
-> warning C6014: Leaking memory.
+> Leaking memory '*pointer-name*'.
 
 This warning indicates that the specified pointer points to allocated memory or some other allocated resource that hasn't been freed.
 
 ## Remarks
 
 The analyzer checks for this condition only when the `_Analysis_mode_(_Analysis_local_leak_checks_)` SAL annotation is specified. By default, this annotation is specified for Windows kernel mode (driver) code. For more information about SAL annotations, see [Using SAL Annotations to Reduce C/C++ Code Defects](../code-quality/using-sal-annotations-to-reduce-c-cpp-code-defects.md).
 
+This warning is reported for both memory and resource leaks when the resource is commonly *aliased* to another location. Memory is aliased when a pointer to the memory escapes the function by using an `_Out_` parameter annotation, global variable, or return value. This warning can be reported on function exit if the argument is annotated that its release is expected.
+
+Code Analysis won't recognize the actual implementation of a memory allocator (involving address arithmetic) and won't recognize that memory is allocated (although many wrappers will be recognized). In this case, the analyzer doesn't recognize that the memory was allocated and issues this warning. To suppress the false positive, use a `#pragma warning(disable: 6014)` directive on the line that precedes the opening brace `{` of the function body.
+
+Code analysis name: `MEMORY_LEAK`
+
 ## Examples
 
 The following code generates warning C6014:
@@ -76,10 +82,6 @@ int main( )
 }
 ```
 
-This warning is reported for both memory and resource leaks when the resource is commonly *aliased* to another location. Memory is aliased when a pointer to the memory escapes the function by using an `_Out_` parameter annotation, global variable, or return value. This warning can be reported on function exit if the argument is annotated that its release is expected.
-
-Code Analysis won't recognize the actual implementation of a memory allocator (involving address arithmetic) and won't recognize that memory is allocated (although many wrappers will be recognized). In this case, the analyzer doesn't recognize that the memory was allocated and issues this warning. To suppress the false positive, use a `#pragma` directive on the line that precedes the opening brace `{` of the function body.
-
 To avoid these kinds of potential leaks altogether, use the mechanisms that are provided by the C++ Standard Library (STL). These include [`shared_ptr`](../standard-library/shared-ptr-class.md), [`unique_ptr`](../standard-library/unique-ptr-class.md), and containers such as [`vector`](../standard-library/vector.md). For more information, see [Smart pointers](../cpp/smart-pointers-modern-cpp.md) and [C++ Standard Library](../standard-library/cpp-standard-library-reference.md).
 
 ```cpp

docs/code-quality/c6029.md

@@ -1,23 +1,27 @@
 ---
-description: "Learn more about: C6029"
-title: C6029
-ms.date: 11/04/2016
+description: "Learn more about: Warning C6029"
+title: Warning C6029
+ms.date: 10/04/2022
 ms.topic: reference
-f1_keywords: ["C6029"]
+f1_keywords: ["C6029", "USING_TAINTED_DATA", "__WARNING_USING_TAINTED_DATA"]
 helpviewer_keywords: ["C6029"]
 ms.assetid: 07f89261-1b77-4597-9f34-12ce5d569b60
 ---
-# C6029
+# Warning C6029
 
-> warning C6029: possible buffer overrun in call to \<function>: use of unchecked value
+> Possible buffer overrun in call to '*function*': use of unchecked value
 
-This warning indicates that a function that takes a buffer and a size is being passed a unchecked size. The data read-in from some external source has not been verified to see whether it is smaller than the buffer size. An attacker might intentionally specify a much larger than expected value for the size, which will lead to a buffer overrun.
+## Remarks
 
-Generally, whenever you read data from an untrusted external source, make sure to verify it for validity. It is usually appropriate to verify the size to make sure it is in the expected range.
+This warning indicates that a function that takes a buffer and a size is being passed an unchecked size. The data read-in from some external source hasn't been verified to see whether it's smaller than the buffer size. An attacker might intentionally specify a much larger than expected value for the size, which will lead to a buffer overrun.
+
+Generally, whenever you read data from an untrusted external source, make sure to verify it for validity. It's appropriate to verify the size to make sure it's in the expected range.
+
+Code analysis name: `USING_TAINTED_DATA`
 
 ## Example
 
-The following code generates this warning by calling the annotated function [ReadFile](/windows/desktop/api/fileapi/nf-fileapi-readfile) two times. After the first call, the Post attribute property marks the second parameter value untrusted. Therefore, passing an untrusted value in the second call to `ReadFile` generates this warning as shown in the following code:
+The following code generates this warning by calling the annotated function [`ReadFile`](/windows/desktop/api/fileapi/nf-fileapi-readfile) two times. After the first call, the Post attribute property marks the second parameter value untrusted. Therefore, passing an untrusted value in the second call to `ReadFile` generates this warning as shown in the following code:
 
 ```cpp
 

docs/code-quality/c6031.md

@@ -1,23 +1,27 @@
 ---
-title: C6031
+title: Warning C6031
 description: "Describes C++ Code Analysis warning C6031 and how to resolve it."
-ms.date: 03/16/2020
+ms.date: 10/04/2022
 ms.topic: reference
-f1_keywords: ["C6031"]
+f1_keywords: ["C6031", "RETVAL_IGNORED_FUNC_COULD_FAIL", "__WARNING_RETVAL_IGNORED_FUNC_COULD_FAIL"]
 helpviewer_keywords: ["C6031"]
 ms.assetid: 59e1ef0a-b3ca-4ffa-bcb3-ad2bd22ece22
 ---
-# C6031
+# Warning C6031
 
-> warning C6031: return value ignored: *called-function* could return unexpected value
+> Return value ignored: '*called-function*' could return unexpected value
 
-This warning indicates the caller doesn't check a function's return value for failure. Depending on which function is being called, this defect can lead to seemingly random program misbehavior. That includes crashes and data corruptions in error conditions or low-resource situations.
+## Remarks
+
+Warning C6031 indicates the caller doesn't check a function's return value for failure. Depending on which function is being called, this defect can lead to seemingly random program misbehavior. That includes crashes and data corruptions in error conditions or low-resource situations.
 
 In general, it isn't safe to assume that calls to functions requiring disk, network, memory, or other resources will succeed. The caller should always check the return value and handle error cases appropriately. Also consider using the `_Must_inspect_result_` annotation, which checks that the value is examined in a useful way.
 
+Code analysis name: `RETVAL_IGNORED_FUNC_COULD_FAIL`
+
 ## Example
 
-The following code generates this warning:
+The following code generates warning C6031:
 
 ```cpp
 #include <stdio.h>
@@ -83,7 +87,7 @@ void test_f()
 }
 ```
 
-In cases where it is necessary to ignore the return value of a function, assign the returned value to `std::ignore`. Assigning to `std::ignore` clearly indicates developer intent and helps in future code maintenance.
+In cases where it's necessary to ignore the return value of a function, assign the returned value to `std::ignore`. Assigning to `std::ignore` clearly indicates developer intent and helps in future code maintenance.
 
 ```cpp
 #include <tuple>

docs/code-quality/c6053.md

@@ -1,19 +1,23 @@
 ---
-description: "Learn more about: C6053"
-title: C6053
-ms.date: 11/04/2016
+description: "Learn more about: Warning C6053"
+title: Warning C6053
+ms.date: 10/04/2022
 ms.topic: reference
-f1_keywords: ["C6053"]
+f1_keywords: ["C6053", "MISSING_ZERO_TERMINATION1", "__WARNING_MISSING_ZERO_TERMINATION1"]
 helpviewer_keywords: ["C6053"]
 ms.assetid: 8e25566a-e3b9-470a-820d-64221a877c53
 ---
-# C6053
+# Warning C6053
 
-> warning C6053: call to \<function> may not zero-terminate string \<variable>
+> Call to '*function*' may not zero-terminate string '*variable*'.
 
-This warning indicates that the specified function has been called in such a way that the resulting string might not be zero-terminated. This defect might cause an exploitable buffer overrun or crash. This warning is also generated if an annotated function expects a null terminated string is passed a string that is not null terminated.
+## Remarks
 
-Most C standard library and Win32 string handling functions require and produce zero-terminated strings. A few 'counted string' functions (including `strncpy`, `wcsncpy`, `_mbsncpy`, `_snprintf`, and `snwprintf`) do not produce zero-terminated strings if they exactly fill their buffer. In this case, a subsequent call to a string function that expects a zero-terminated string will go beyond the end of the buffer looking for the zero. The program should make sure that the string ends with a zero. In general, you should pass a length to the 'counted string' function one smaller than the size of the buffer and then explicitly assign zero to the last character in the buffer.
+This warning indicates that the specified function has been called in such a way that the resulting string might not be zero-terminated. This defect might cause an exploitable buffer overrun or crash. This warning is also generated if an annotated function expects a null-terminated string, but you pass a non-null-terminated string.
+
+Most C standard library and Win32 string handling functions require and produce zero-terminated strings. A few 'counted string' functions (including `strncpy`, `wcsncpy`, `_mbsncpy`, `_snprintf`, and `snwprintf`) don't produce zero-terminated strings if they exactly fill their buffer. In this case, a subsequent call to a string function that expects a zero-terminated string will go beyond the end of the buffer looking for the zero. The program should make sure that the string ends with a zero. In general, you should pass a length to the 'counted string' function one smaller than the size of the buffer and then explicitly assign zero to the last character in the buffer.
+
+Code analysis name: `MISSING_ZERO_TERMINATION1`
 
 ## Examples
 
@@ -74,4 +78,4 @@ You should note that this warning is sometimes reported on certain idioms guaran
 ## See also
 
 - [Using SAL Annotations to reduce code defects](using-sal-annotations-to-reduce-c-cpp-code-defects.md)
-- [strncpy_s, _strncpy_s_l, wcsncpy_s, _wcsncpy_s_l, _mbsncpy_s, _mbsncpy_s_l](../c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-l.md)
+- [`strncpy_s`, `_strncpy_s_l`, `wcsncpy_s`, `_wcsncpy_s_l`, `_mbsncpy_s`, `_mbsncpy_s_l`](../c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-l.md)

docs/code-quality/c6054.md

@@ -1,26 +1,28 @@
 ---
-title: C6054
+title: Warning C6054
 description: "Reference guide to Microsoft C++ code analysis warning C6054."
-ms.date: 04/22/2020
+ms.date: 10/04/2022
 ms.topic: reference
-f1_keywords: ["C6054"]
+f1_keywords: ["C6054", "MISSING_ZERO_TERMINATION2", "__WARNING_MISSING_ZERO_TERMINATION2"]
 helpviewer_keywords: ["C6054"]
 ms.assetid: d573a5c1-7e74-402b-92e6-8085f967aa50
 ---
-# C6054
+# Warning C6054
 
-> warning C6054: string \<variable> may not be zero-terminated
+> String '*variable*' may not be zero-terminated.
 
 ## Remarks
 
 This warning indicates that a function that requires a zero-terminated string was passed a non-zero terminated string. A function that expects a zero-terminated string could look for the zero beyond the end of the buffer. This defect might cause an exploitable buffer overrun error or crash. The program should make sure the string passed in ends with a zero.
 
+Code analysis name: `MISSING_ZERO_TERMINATION2`
+
 ## Example
 
 The following code generates this warning:
 
 ```cpp
-// C6054_bad.cpp
+// Warning C6054_bad.cpp
 // Compile using: cl /W4 /EHsc /c /analyze C6054_bad.cpp
 #include <sal.h>
 
@@ -51,5 +53,5 @@ void g ( )
 
 ## See also
 
-- [C6053](../code-quality/c6053.md)
+- [Warning C6053](../code-quality/c6053.md)
 - [Using SAL Annotations to reduce code defects](using-sal-annotations-to-reduce-c-cpp-code-defects.md)

docs/code-quality/c6059.md

@@ -1,21 +1,25 @@
 ---
-description: "Learn more about: C6059"
-title: C6059
-ms.date: 11/04/2016
+description: "Learn more about: Warning C6059"
+title: Warning C6059
+ms.date: 10/04/2022
 ms.topic: reference
-f1_keywords: ["C6059"]
+f1_keywords: ["C6059", "BAD_CONCATENATION", "__WARNING_BAD_CONCATENATION"]
 helpviewer_keywords: ["C6059"]
 ms.assetid: 343a4cd1-048a-4edf-bb4b-187097bb6093
 ---
-# C6059
+# Warning C6059
 
-> warning C6059: Incorrect length parameter in call to \<function>. Pass the number of remaining characters, not the buffer size of \<variable>
+> Incorrect length parameter in call to '*function*'. Pass the number of remaining characters, not the buffer size of '*variable*'.
 
-This warning indicates that a call to a string concatenation function is probably passing an incorrect value for the number of characters to concatenate. This defect might cause an exploitable buffer overrun or crash. A common cause of this defect is passing the buffer size, instead of the remaining number of characters in the buffer, to the string manipulation function.
+## Remarks
+
+This warning indicates that a call to a string concatenation function is probably passing an incorrect value for the number of characters to concatenate. This defect might cause an exploitable buffer overrun or crash. A common cause of this defect is passing the buffer size (instead of the remaining number of characters in the buffer) to the string manipulation function.
+
+Code analysis name: `BAD_CONCATENATION`
 
 ## Example
 
-The following code generates this warning:
+The following code generates warning C6059:
 
 ```cpp
 #include <string.h>
@@ -27,9 +31,9 @@ void f( )
   char *szState ="Washington";
   char *szCity="Redmond, ";
 
-  strncpy(szTarget,szCity, MAX);
+  strncpy(szTarget, szCity, MAX);
   szTarget[MAX -1] = '\0';
-  strncat(szTarget, szState, MAX); //wrong size
+  strncat(szTarget, szState, MAX); // wrong size
   // code ...
 }
 ```
@@ -46,14 +50,14 @@ void f( )
   char *szState ="Washington";
   char *szCity="Redmond, ";
 
-  strncpy(szTarget,szCity, MAX);
+  strncpy(szTarget, szCity, MAX);
   szTarget[MAX -1] = '\0';
   strncat(szTarget, szState, MAX - strlen(szTarget)); // correct size
   // code ...
 }
 ```
 
-To correct this warning using the safe string manipulation function, see the following code:
+To correct this warning using the safe string manipulation functions `strncpy_s` and `strncat_s`, see the following code:
 
 ```cpp
 #include <string.h>
@@ -66,7 +70,7 @@ void f( )
   size_t nTargetSize = strlen(szState) + strlen(szCity) + 1;
   char *szTarget= new char[nTargetSize];
 
-  strncpy_s(szTarget, nTargetSize, szCity,strlen(szCity));
+  strncpy_s(szTarget, nTargetSize, szCity, strlen(szCity));
   strncat_s(szTarget, nTargetSize, szState,
                     nTargetSize - strlen(szTarget));
   // code ...
@@ -76,5 +80,5 @@ void f( )
 
 ## See also
 
-- [strncpy_s, _strncpy_s_l, wcsncpy_s, _wcsncpy_s_l, _mbsncpy_s, _mbsncpy_s_l](../c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-l.md)
-- [strncat_s, _strncat_s_l, wcsncat_s, _wcsncat_s_l, _mbsncat_s, _mbsncat_s_l](../c-runtime-library/reference/strncat-s-strncat-s-l-wcsncat-s-wcsncat-s-l-mbsncat-s-mbsncat-s-l.md)
+- [`strncpy_s`, `_strncpy_s_l`, `wcsncpy_s`, `_wcsncpy_s_l`, `_mbsncpy_s`, `_mbsncpy_s_l`](../c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-l.md)
+- [`strncat_s`, `_strncat_s_l`, `wcsncat_s`, `_wcsncat_s_l`, `_mbsncat_s`, `_mbsncat_s_l`](../c-runtime-library/reference/strncat-s-strncat-s-l-wcsncat-s-wcsncat-s-l-mbsncat-s-mbsncat-s-l.md)