CA2111: Pointers should not be visible

Note

This article applies to Visual Studio 2015.

Item             Value
TypeName         PointersShouldNotBeVisible
CheckId          CA2111
Category         Microsoft.Security
Breaking Change  Breaking

Cause

A public or protected System.IntPtr or System.UIntPtr field is not read-only.

Rule Description

IntPtr and UIntPtr are pointer types that are used to access unmanaged memory. If a pointer is not private, internal, or read-only, malicious code can change the value of the pointer, potentially allowing access to arbitrary locations in memory or causing application or system failures.

If you intend to secure access to the type that contains the pointer field, see CA2112: Secured types should not expose fields.

How to Fix Violations

Secure the pointer by making it read-only, internal, or private.

When to Suppress Warnings

Suppress a warning from this rule if you do not rely on the value of the pointer.

Example

The following code shows pointers that violate and satisfy the rule. Notice that the non-private pointers also violate the rule CA1051: Do not declare visible instance fields.

using System;

namespace SecurityRulesLibrary
{

   public class ExposedPointers
   {
      // Violates rule: PointersShouldNotBeVisible.
      public IntPtr publicPointer1;
      public UIntPtr publicPointer2;
      protected IntPtr protectedPointer;

      // Satisfies the rule.
      internal UIntPtr internalPointer;
      private UIntPtr privatePointer;

      public readonly UIntPtr publicReadOnlyPointer;
      protected readonly IntPtr protectedReadOnlyPointer;
   }
}
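
A reflection-based check for the condition described under Cause, added here as an example; it is not part of the original article and is not the analyzer's own implementation. The names SampleHandles, PointerFieldAudit and FindVisibleWritablePointers are hypothetical, and limiting the scan to externally visible types is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

namespace SecurityRulesLibrary.Audit   // hypothetical namespace for this added example
{
    // Constructed sample type: one field that violates the rule, three that satisfy it.
    public class SampleHandles
    {
        public IntPtr Writable;                       // public and writable: violates the rule
        public readonly IntPtr Fixed = IntPtr.Zero;   // read-only: satisfies the rule
        internal UIntPtr AssemblyOnly;                // internal: satisfies the rule
        private IntPtr hidden;                        // private: satisfies the rule
    }

    public static class PointerFieldAudit
    {
        // Returns "Type.Field" for every public or protected IntPtr/UIntPtr
        // field that is not read-only.
        public static IEnumerable<string> FindVisibleWritablePointers(Assembly assembly)
        {
            const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic |
                                     BindingFlags.Instance | BindingFlags.Static |
                                     BindingFlags.DeclaredOnly;

            return from type in assembly.GetTypes()
                   where type.IsVisible   // assumption: only externally visible types matter
                   from field in type.GetFields(All)
                   where field.FieldType == typeof(IntPtr) || field.FieldType == typeof(UIntPtr)
                   // public, protected, or protected internal
                   where field.IsPublic || field.IsFamily || field.IsFamilyOrAssembly
                   where !field.IsInitOnly   // readonly fields satisfy the rule
                   select type.FullName + "." + field.Name;
        }

        public static void Main()
        {
            // Scan the assembly that contains the constructed sample type.
            foreach (string hit in FindVisibleWritablePointers(typeof(SampleHandles).Assembly))
                Console.WriteLine("CA2111 candidate: " + hit);
        }
    }
}
```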

Related Rules

CA2112: Secured types should not expose fields

CA1051: Do not declare visible instance fields

See Also

System.IntPtr
System.UIntPtr