Repo sync for protected CLA branch

docs/code-quality/c28308.md

@@ -1,21 +1,50 @@
 ---
 description: "Learn more about: Warning C28308"
 title: Warning C28308
-ms.date: 11/04/2016
-f1_keywords: ["C28308"]
+ms.date: 03/07/2023
+f1_keywords: ["C28308", "BAD_FORMAT_ARGUMENT_POSITION", "__WARNING_BAD_FORMAT_ARGUMENT_POSITION"]
 helpviewer_keywords: ["C28308"]
-ms.assetid: 2be46de3-844e-4cd6-a97f-d5c12ac9dc31
 ---
 # Warning C28308
 
 > The format list argument position specified by the annotation is incorrect.
 
-The format list argument position must be either a parameter name, or an integer offset that's in the parameter list, or zero.
+## Remarks
 
-The second parameter to `IsFormatString2` (`where`) can be in one of two forms:
+This warning indicates a `_*_format_strings_param(position)` SAL annotation is specifying an invalid position for the first parameter to the format string. The annotation helps the checker verify `printf` style formatting strings passed to the function. Other format string validity checks that rely on this annotation won't run as a result of this warning.
 
-- A parameter name, which is taken as the first argument to the format string.
+The `_*_format_strings_param(position)` SAL annotation is attached to the formatting string argument. `position` must be in one of these forms:
 
-- An offset (`n`) relative to the format-string parameter.
+- An identifier, which is taken as the first argument to the format string. When the identifier isn't the name of a parameter to the function, a warning is emitted.
+- A positive integer offset relative to the format-string parameter where `1` is the next parameter. When the offset is out of bounds for the parameters, a warning is emitted.
+- The value `0`, which is interpreted as the `...` parameter. When the function isn't variadic, a warning is emitted.
 
-  In the second form, the first format-string parameter is the `n`-th argument after the format string. If `n` is zero, an ellipsis is specified as the parameter. Specifying an offset of zero without specifying the ellipsis as the first format-string parameter will cause an error.
+One limitation of this check, is that it's run at the function call site and not at the declaration. This limitation is a side effect of the lazy evaluation of SAL annotations.
+
+## Examples
+
+In this example, there's a specialized function for logging coordinates. The params annotation specifies the `...` parameter, which doesn't exist.
+
+```cpp
+void LogCoordinate(_Printf_format_string_params_(0) _In_ char *format, int x, int y);
+
+void func(int x, int y)
+{
+    LogCoordinate("(%d, %d)", x, y);
+}
+```
+
+This issue is fixed by changing the annotated position to `x` or `1`. To determine the correct value for your code, check the behavior of the called function.
+
+```cpp
+void LogCoordinate(_Printf_format_string_params_(1) _In_ char *format, int x, int y);
+
+void func(int x, int y)
+{
+    LogCoordinate("(%d, %d)", x, y);
+}
+```
+
+## See also
+
+[Annotating function parameters and return values](./annotating-function-parameters-and-return-values.md)

docs/code-quality/c6063.md

@@ -1,10 +1,9 @@
 ---
 description: "Learn more about: Warning C6063"
 title: Warning C6063
-ms.date: 10/04/2022
+ms.date: 2/22/2023
 f1_keywords: ["C6063", "MISSING_STRING_ARGUMENT_TO_FORMAT_FUNCTION", "__WARNING_MISSING_STRING_ARGUMENT_TO_FORMAT_FUNCTION"]
 helpviewer_keywords: ["C6063"]
-ms.assetid: 9a4b0684-6c13-4242-a1ab-97980b6cfdc4
 ---
 # Warning C6063
 
@@ -21,18 +20,18 @@ Code analysis name: `MISSING_STRING_ARGUMENT_TO_FORMAT_FUNCTION`
 The following code generates this warning:
 
 ```cpp
-#include <string.h>
+#include <stdio.h>
 void f( )
 {
   char buff[15];
   sprintf(buff, "%s %s", "Hello, World!");
 }
 ```
 
-To correct this warning, provide the required arguments as shown in the following code:
+To correct this warning, remove the unused format specifier or provide the required arguments as shown in the following code:
 
 ```cpp
-#include <string.h>
+#include <stdio.h>
 void f( )
 {
   char buff[15];
@@ -43,7 +42,7 @@ void f( )
 The following code corrects this warning using safe string manipulation function:
 
 ```cpp
-#include <string.h>
+#include <stdio.h>
 void f( )
 {
   char buff[15];
@@ -53,4 +52,5 @@ void f( )
 
 ## See also
 
+[Format specification syntax: printf and wprintf functions](../c-runtime-library/format-specification-syntax-printf-and-wprintf-functions.md)\
 [sprintf_s, _sprintf_s_l, swprintf_s, _swprintf_s_l](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)

docs/code-quality/c6065.md

@@ -0,0 +1,46 @@
+---
+description: "Learn more about: Warning C6065"
+title: Warning C6065
+ms.date: 2/22/2023
+f1_keywords: ["C6065", "MISSING_COUNTED_STRING_ARGUMENT_TO_FORMAT_FUNCTION", "__MISSING_COUNTED_STRING_ARGUMENT_TO_FORMAT_FUNCTION"]
+helpviewer_keywords: ["C6065"]
+---
+# Warning C6065
+
+> warning C6065: Missing pointer to '*string type*' argument to '*function*' that corresponds to argument 'number'
+
+## Remarks
+
+This warning indicates that there's a mismatch between the format specifiers in a string and the types of the associated parameters. The format specifier indicates that at least one of the mismatched arguments should be a pointer to a counted string such as `UNICODE_STRING` or `ANSI_STRING` but it not. This defect can cause crashes, buffer overflows, and potentially incorrect output.
+
+To fix this warning, determine if the format specifier or the argument matches the intended behavior and modify the other to match. When modifying the format specifier for a counted string, it's recommended to explicitly use the size prefix such as `%wZ` or `%hZ` rather than `%Z` due to compatibility issues between C runtimes (CRT).  For more information on CRT compatibility, see the `%Z` row in the [Type field characters documentation](../c-runtime-library/format-specification-syntax-printf-and-wprintf-functions.md#type-field-characters).
+
+Code analysis name: `MISSING_COUNTED_STRING_ARGUMENT_TO_FORMAT_FUNCTION`
+
+## Example
+
+The following code generates this warning because the value passed to printf isn't a pointer:
+
+```cpp
+int PrintDiagnostic(UNICODE_STRING u)
+{
+    printf("%wZ", u);
+}
+```
+
+In this example, we fix the warning by changing the passed in parameter to be a pointer:
+
+```cpp
+int PrintDiagnostic(UNICODE_STRING u)
+{
+    printf("%wZ", &u);
+}
+```
+
+## See also
+
+[format specification syntax: printf and wprintf functions](../c-runtime-library/format-specification-syntax-printf-and-wprintf-functions.md)\
+[`sprintf_s, _sprintf_s_l, swprintf_s, _swprintf_s_l`](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)\
+[`UNICODE_STRING`](/windows/win32/api/ntdef/ns-ntdef-_unicode_string)\
+[`ANSI_STRING/_STRING`](/windows/win32/api/ntdef/ns-ntdef-string)\
+[C4313](../error-messages/compiler-warnings/compiler-warning-level-1-c4313.md)

docs/code-quality/c6066.md

@@ -1,10 +1,9 @@
 ---
 description: "Learn more about: Warning C6066"
 title: Warning C6066
-ms.date: 10/04/2022
+ms.date: 3/02/2023
 f1_keywords: ["C6066", "NON_POINTER_ARGUMENT_TO_FORMAT_FUNCTION", "__WARNING_NON_POINTER_ARGUMENT_TO_FORMAT_FUNCTION"]
 helpviewer_keywords: ["C6066"]
-ms.assetid: f03c9cf1-d8eb-4731-a66a-da7c924616fb
 ---
 # Warning C6066
 
@@ -32,8 +31,7 @@ void f( )
 
 void g( int i )
 {
-   int   result;
-   result = scanf( "%d", i ); // warning C6066
+   int result = scanf( "%d", i ); // warning C6066
    // code ...
 }
 ```
@@ -47,15 +45,12 @@ To correct this warning, the following code passes correct parameters to the `sp
 void f( )
 {
    char buff[MAX];
-
    sprintf( buff, "%s %p %d", "Hello, World!", buff, MAX ); // pass buff
    // code ...
 }
 void g( int i )
 {
-   int   result;
-   // code ...
-   result = scanf( "%d", &i ); // pass the address of i
+   int result = scanf( "%d", &i ); // pass the address of i
    // code ...
 }
 ```
@@ -66,15 +61,12 @@ The following code uses safe string manipulation functions `sprintf_s` and `scan
 void f( )
 {
    char buff[MAX];
-
    sprintf_s( buff, sizeof(buff), "%s %p %d", "Hello, World!", buff, MAX );
    // code ...
 }
 void g( int i )
 {
-   int result;
-   // code ...
-   result = scanf_s( "%d", &i );
+   int result = scanf_s( "%d", &i );
    // code ...
 }
 ```
@@ -83,5 +75,8 @@ This warning is typically reported because an integer has been used for a `%p` f
 
 ## See also
 
-- [`sprintf_s`, `_sprintf_s_l`, `swprintf_s`, `_swprintf_s_l`](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)
-- [`scanf_s`, `_scanf_s_l`, `wscanf_s`, `_wscanf_s_l`](../c-runtime-library/reference/scanf-s-scanf-s-l-wscanf-s-wscanf-s-l.md)
+[Format specification syntax: printf and wprintf functions](../c-runtime-library/format-specification-syntax-printf-and-wprintf-functions.md)\
+[`sprintf_s`, `_sprintf_s_l`, `swprintf_s`, `_swprintf_s_l`](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)\
+[`scanf_s`, `_scanf_s_l`, `wscanf_s`, `_wscanf_s_l`](../c-runtime-library/reference/scanf-s-scanf-s-l-wscanf-s-wscanf-s-l.md)\
+[C4313](../error-messages/compiler-warnings/compiler-warning-level-1-c4313.md)\
+[C4477](../error-messages/compiler-warnings/C4477.md)

docs/code-quality/c6067.md

@@ -1,15 +1,16 @@
 ---
 description: "Learn more about: Warning C6067"
 title: Warning C6067
-ms.date: 11/04/2016
+ms.date: 3/02/2023
 f1_keywords: ["C6067", "NON_STRING_ARGUMENT_TO_FORMAT_FUNCTION", "__WARNING_NON_STRING_ARGUMENT_TO_FORMAT_FUNCTION"]
 helpviewer_keywords: ["C6067"]
-ms.assetid: 6fbaee53-daaa-4ba5-9b11-2a8066d86240
 ---
 # Warning C6067
 
 > Parameter '*number*' in call to '*function*' must be the address of the string
 
+## Remarks
+
 This warning indicates a mismatch between the format specifier and the function parameter. Even though the warning suggests using the address of the string, you must check the type of parameter a function expects before correcting the problem. For example, a `%s` specification for `printf` requires a string argument, but a `%s` specification in `scanf` requires an address of the string.
 
 This defect is likely to cause a crash or corruption of some form.
@@ -26,7 +27,7 @@ The following code generates this warning because an integer is passed instead o
 void f_defective()
 {
   char *str = "Hello, World!";
-  printf("String:\n %s", 1); // warning
+  printf("String:\n %s", 1);
   // code ...
 }
 ```
@@ -98,6 +99,9 @@ void f_safe()
 
 ## See also
 
-- [sprintf\_s, \_sprintf\_s\_l, swprintf\_s, \_swprintf\_s\_l](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)
-- [printf, \_printf\_l, wprintf, \_wprintf\_l](../c-runtime-library/reference/printf-printf-l-wprintf-wprintf-l.md)
-- [scanf\_s, \_scanf\_s\_l, wscanf\_s, \_wscanf\_s\_l](../c-runtime-library/reference/scanf-s-scanf-s-l-wscanf-s-wscanf-s-l.md)
+[Format specification syntax: printf and wprintf functions](../c-runtime-library/format-specification-syntax-printf-and-wprintf-functions.md)\
+[sprintf\_s, \_sprintf\_s\_l, swprintf\_s, \_swprintf\_s\_l](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)\
+[printf, \_printf\_l, wprintf, \_wprintf\_l](../c-runtime-library/reference/printf-printf-l-wprintf-wprintf-l.md)\
+[scanf\_s, \_scanf\_s\_l, wscanf\_s, \_wscanf\_s\_l](../c-runtime-library/reference/scanf-s-scanf-s-l-wscanf-s-wscanf-s-l.md)\
+[C4313](../error-messages/compiler-warnings/compiler-warning-level-1-c4313.md)\
+[C4477](../error-messages/compiler-warnings/C4477.md)

docs/code-quality/c6270.md

@@ -1,20 +1,17 @@
 ---
 description: "Learn more about: Warning C6270"
 title: Warning C6270
-ms.date: 10/03/2022
+ms.date: 3/03/2023
 f1_keywords: ["C6270", "MISSING_FLOAT_ARGUMENT_TO_FORMAT_FUNCTION", "__WARNING_MISSING_FLOAT_ARGUMENT_TO_FORMAT_FUNCTION"]
 helpviewer_keywords: ["C6270"]
-ms.assetid: 34467f6e-98cf-489c-ae5e-c08a744d86c3
 ---
 # Warning C6270
 
 > Missing float argument to '*function-name*': add a float argument corresponding to conversion specifier '*number*'
 
-This warning indicates that not enough arguments are provided to match a format string; at least one of the missing arguments is a floating-point number.
-
 ## Remarks
 
-This defect can lead to crashes, in addition to potentially incorrect output.
+This warning indicates that not enough arguments are provided to match a format string.  At least one of the missing arguments is a floating-point number. This defect can lead to crashes, in addition to potentially incorrect output.
 
 Code analysis name: `MISSING_FLOAT_ARGUMENT_TO_FORMAT_FUNCTION`
 
@@ -42,5 +39,7 @@ void f()
 
 ## See also
 
+[Format specification syntax: printf and wprintf functions](../c-runtime-library/format-specification-syntax-printf-and-wprintf-functions.md)\
 [`sprintf`, `_sprintf_l`, `swprintf`, `_swprintf_l`, `__swprintf_l`](../c-runtime-library/reference/sprintf-sprintf-l-swprintf-swprintf-l-swprintf-l.md)\
-[`sprintf_s`, `_sprintf_s_l`, `swprintf_s`, `_swprintf_s_l`](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)
+[`sprintf_s`, `_sprintf_s_l`, `swprintf_s`, `_swprintf_s_l`](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)\
+[C4473](../error-messages/compiler-warnings/C4473.md)

docs/code-quality/c6271.md

@@ -1,18 +1,17 @@
 ---
 description: "Learn more about: Warning C6271"
 title: Warning C6271
-ms.date: 11/04/2016
+ms.date: 3/06/2023
 f1_keywords: ["C6271", "EXTRA_ARGUMENT_TO_FORMAT_FUNCTION", "__WARNING_EXTRA_ARGUMENT_TO_FORMAT_FUNCTION"]
 helpviewer_keywords: ["C6271"]
-ms.assetid: 24703b17-5bdc-4f97-a56a-b2ea48bacc43
 ---
 # Warning C6271
 
-> Extra argument passed to '*function*': parameter '*number*' is not used by the format string
+> Extra argument passed to '*function*'
 
 ## Remarks
 
-This warning indicates that additional arguments are being provided beyond the ones specified by the format string. By itself, this defect won't have any visible effect although it indicates that the programmer's intent isn't reflected in the code.
+This warning indicates that extra arguments are being provided beyond the ones specified by the format string. By itself, this defect doesn't have any visible effect although it indicates that the programmer's intent isn't reflected in the code.
 
 Code analysis name: `EXTRA_ARGUMENT_TO_FORMAT_FUNCTION`
 
@@ -22,44 +21,44 @@ The following sample code generates this warning:
 
 ```cpp
 #include <stdio.h>
-#include <string.h>
 
 void f()
 {
    char buff[5];
 
-   sprintf(buff,"%d",1,2);
+   sprintf(buff, "%d", 1, 2);
 }
 ```
 
-To correct this warning, use the following sample code:
+To correct this warning, remove the unused parameter or modify the format string to take it into account:
 
 ```cpp
 #include <stdio.h>
-#include <string.h>
 
 void f()
 {
    char buff[5];
 
-   sprintf(buff,"%d, %d",1,2);
+   sprintf(buff, "%d, %d", 1, 2);
 }
 ```
 
 The following sample code calls the safe string manipulation function, `sprintf_s`, to correct this warning:
 
 ```cpp
 #include <stdio.h>
-#include <string.h>
 
 void f()
 {
    char buff[5];
 
-   sprintf_s( buff, 5,"%s %d", 1,2 ); //safe version
+   sprintf_s( buff, 5, "%d %d", 1, 2 ); //safe version
 }
 ```
 
 ## See also
 
-[sprintf, _sprintf_l, swprintf, _swprintf_l, \__swprintf_l](../c-runtime-library/reference/sprintf-sprintf-l-swprintf-swprintf-l-swprintf-l.md)
+[Format specification syntax: printf and wprintf functions](../c-runtime-library/format-specification-syntax-printf-and-wprintf-functions.md)\
+[`sprintf`, `_sprintf_l`, `swprintf`, `_swprintf_l`, `__swprintf_l`](../c-runtime-library/reference/sprintf-sprintf-l-swprintf-swprintf-l-swprintf-l.md)\
+[`sprintf_s`, `_sprintf_s_l`, `swprintf_s`, `_swprintf_s_l`](../c-runtime-library/reference/sprintf-s-sprintf-s-l-swprintf-s-swprintf-s-l.md)\
+[C4474](../error-messages/compiler-warnings/compiler-warnings-c4400-through-c4599.md)