C6059

warning C6059: Incorrect length parameter in call to <function>. Pass the number of remaining characters, not the buffer size of <variable>

This warning indicates that a call to a string concatenation function is probably passing an incorrect value for the number of characters to concatenate. This defect might cause an exploitable buffer overrun or crash. A common cause of this defect is passing the buffer size, instead of the remaining number of characters in the buffer, to the string manipulation function.

Example

The following code generates this warning:

#include <string.h>
#define MAX 25

void f( )
{
  char szTarget[MAX];
  char *szState ="Washington";
  char *szCity="Redmond, ";

  strncpy(szTarget,szCity, MAX);
  szTarget[MAX -1] = '\0';
  strncat(szTarget, szState, MAX); //wrong size 
  // code ...                                 
}

To correct this warning, use the correct number of characters to concatenate as shown in the following code:

#include <string.h>
#define MAX 25

void f( )
{
  char szTarget[MAX];
  char *szState ="Washington";
  char *szCity="Redmond, ";

  strncpy(szTarget,szCity, MAX);
  szTarget[MAX -1] = '\0';
  strncat(szTarget, szState, MAX - strlen(szTarget)); // correct size 
  // code ...                                 
}

To correct this warning using the safe string manipulation function, see the following code:

#include <string.h>

void f( )
{
  char *szState ="Washington";
  char *szCity="Redmond, ";

  size_t nTargetSize = strlen(szState) + strlen(szCity) + 1;
  char *szTarget= new char[nTargetSize];

  strncpy_s(szTarget, nTargetSize, szCity,strlen(szCity));
  strncat_s(szTarget, nTargetSize, szState,
                    nTargetSize - strlen(szTarget));
  // code ...
  delete [] szTarget;
}

See Also

Reference

strncpy_s, _strncpy_s_l, wcsncpy_s, _wcsncpy_s_l, _mbsncpy_s, _mbsncpy_s_l

strncat_s, _strncat_s_l, wcsncat_s, _wcsncat_s_l, _mbsncat_s, _mbsncat_s_l