Tags: c++, windows, coverity

How to solve this Coverity issue called OVERRUN


I wrote the C++ code below and checked it with Coverity. Coverity reports an OVERRUN error for it, as shown in the attached picture. But I don't understand what it means or how to fix it. Any hints?

#include <windows.h>   // MAX_PATH
#include <wchar.h>     // wcsnlen_s

wchar_t* GetMainAppPath()
{
    const wchar_t* mainAppName = L"AIScreenshot.exe";
    const wchar_t* agentName = L"AIScreenshotAgent.exe";
    size_t lenOfMainApp = wcsnlen_s(mainAppName, MAX_PATH);
    size_t lenOfAgent = wcsnlen_s(agentName, MAX_PATH);

    // the rest of the function was not included in the question;
    // placeholder return so the fragment compiles
    return nullptr;
}

Part of the error message:

Event overrun-buffer-arg: Overrunning buffer pointed to by "mainAppName" of 17 2-byte elements by passing it to a function which accesses it at element index 259 (byte offset 519) using argument "260ULL".



Solution

  • But I don't understand what does it mean

    It's telling you that the call to wcsnlen_s is reading off the end of your string.

    I'm not going to transcribe the error from your picture of text, but you can read it for yourself. Your string is actually sixteen wchars (followed by a null wide character).

    You told wcsnlen_s that you had MAX_PATH characters, and just want to know where the null wide character is. But this is false; your string object doesn't have that many characters in the first place.

    ... how to fix it ...

    Either stop using a runtime calculation for something you know statically:

        const wchar_t mainAppName[] = L"AIScreenshot.exe";
    
        // remember to subtract 1 for the null wide terminator
        size_t lenOfMainApp = (sizeof(mainAppName)/sizeof(*mainAppName)) - 1;
    

    ... or do the runtime calculation correctly:

        const wchar_t* mainAppName = L"AIScreenshot.exe";
    
        // you know it's terminated, so there's no need to pass a length anyway
        size_t lenOfMainApp = wcslen(mainAppName);
    

    ... or if you really want to keep the original form (for no benefit whatsoever):

        // this only works with the array form from the first option:
        // with a pointer, sizeof gives the pointer size, not the buffer size
        const wchar_t mainAppName[] = L"AIScreenshot.exe";

        size_t lenOfMainApp = wcsnlen_s(mainAppName,
                                        sizeof mainAppName / sizeof mainAppName[0]);
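The following is an added, self-contained example (not code from the question or the answer) that makes the three points above concrete: the element count of a string literal array is known at compile time, `sizeof` on a pointer says nothing about the buffer it points to, and a bounded length scan is only safe when the bound is the real size of the buffer. `BoundedLength`, `ElementCount`, `PointerSizeofElems` and `UnterminatedScan` are helper names chosen here; `BoundedLength` is a portable stand-in for the `wcsnlen`/`wcsnlen_s` contract so the example builds without the MSVC-only `_s` function. The sample strings are the ones from the question.

```cpp
#include <cstddef>
#include <cstdio>

// Sample input reused from the question: 16 characters plus the terminator.
constexpr wchar_t kMainAppName[] = L"AIScreenshot.exe";

// Number of elements in an array, deduced at compile time (17 for kMainAppName).
template <typename T, std::size_t N>
constexpr std::size_t ElementCount(const T (&)[N]) { return N; }

// The answer's first option: the length is known statically, so compute it
// from the array size and subtract the null wide terminator.
constexpr std::size_t StaticLength() { return ElementCount(kMainAppName) - 1; }

// Same contract as wcsnlen: scan at most bufferElems elements and return the
// index of the first L'\0', or bufferElems if no terminator is found within
// the bound. It never touches buf[bufferElems] or beyond.
std::size_t BoundedLength(const wchar_t* buf, std::size_t bufferElems) {
    std::size_t i = 0;
    while (i < bufferElems && buf[i] != L'\0') ++i;
    return i;
}

// The correct runtime form: the bound is the actual size of the buffer.
std::size_t LengthOfMainApp() {
    return BoundedLength(kMainAppName, ElementCount(kMainAppName));
}

// The pitfall in the third option if mainAppName is a pointer rather than an
// array: sizeof p is the size of the pointer (typically 8), so the division
// yields 2 or 4 depending on sizeof(wchar_t), never the 17 elements of the string.
std::size_t PointerSizeofElems() {
    const wchar_t* p = kMainAppName;
    return sizeof p / sizeof p[0];
}

// Why the bound must match the buffer: a 4-element buffer with no terminator.
// With the true bound the scan stops at index 4. Had the caller passed a bound
// such as MAX_PATH (260) to a real wcsnlen_s, the scan would continue 256
// elements past the end, which is exactly the overrun Coverity reports.
std::size_t UnterminatedScan() {
    const wchar_t noTerm[4] = {L'a', L'b', L'c', L'd'};
    return BoundedLength(noTerm, ElementCount(noTerm));
}

int main() {
    std::printf("static length:            %zu\n", StaticLength());          // 16
    std::printf("bounded runtime length:   %zu\n", LengthOfMainApp());       // 16
    std::printf("sizeof(pointer) elements: %zu\n", PointerSizeofElems());    // 2 or 4
    std::printf("unterminated scan stops:  %zu\n", UnterminatedScan());      // 4
    return 0;
}
```

The static form is the one to prefer for a literal: it cannot be wrong about the size. If the string arrives at runtime from a buffer whose size you own, pass that size as the bound; passing a larger constant such as MAX_PATH is a claim about the buffer that the analyzer checks against the actual allocation.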