C28718

warning C28718: Unannotated buffer

This warning is reported when a buffer that is passed to a function or returned by a function does not have Source Code Annotation Language (SAL) annotations. Static analysis tools can use such annotations to detect buffer overruns. For information about adding annotations, see Using SAL Annotations to Reduce C/C++ Code Defects.

Currently, only non-constant string buffers are diagnosed with this warning. Ideally, all buffers passed as function parameters or returned by functions should be annotated. Arrays of wchar_t or char are candidates for this warning. Arrays of unsigned char currently are not.

Example

The following code example generates this warning.

int foo( LPTSTR buffer, size_t cch );  

The following code example avoids this warning.

int foo( _Out_writes_(cch) LPTSTR buffer, size_t cch );
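The following added example (not part of the original page) shows an annotated declaration together with a body and a caller that honor the size contract the annotation states. The names copy_label and demo_truncated_copy are hypothetical, and the empty fallback macro is an assumption so that the code also compiles where sal.h is not available.

```c
#include <stddef.h>
#include <wchar.h>

#ifdef _MSC_VER
#include <sal.h>            /* real SAL definitions on MSVC */
#else
#define _Out_writes_(n)     /* assumption: expands to nothing elsewhere */
#endif

/* Hypothetical helper: copies src into buffer and always null-terminates.
   Returns the number of characters written (excluding the terminator),
   or -1 if the arguments are unusable.
   _Out_writes_(cch) states that buffer has room for cch elements, so the
   body must never write at index cch or beyond.
   src is a constant string, which this warning does not diagnose. */
int copy_label(_Out_writes_(cch) wchar_t *buffer, size_t cch,
               const wchar_t *src)
{
    size_t i = 0;

    if (buffer == NULL || cch == 0 || src == NULL)
        return -1;

    /* Stop one short of cch so the terminator always fits. */
    while (i + 1 < cch && src[i] != L'\0') {
        buffer[i] = src[i];
        i++;
    }
    buffer[i] = L'\0';
    return (int)i;
}

/* Hypothetical caller: the count is derived from the array itself, so the
   size promised through the annotation matches the real allocation.
   The input string is constructed sample data. Returns 0 on success. */
int demo_truncated_copy(void)
{
    wchar_t small[4];
    int n = copy_label(small, sizeof small / sizeof small[0], L"constructed");

    return (n == 3 && wcscmp(small, L"con") == 0) ? 0 : 1;
}

int main(void)
{
    return demo_truncated_copy();
}
```

Passing a count taken from the array itself, rather than a separately maintained constant, keeps the annotated size and the real allocation from drifting apart.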

Using SAL Annotations to Reduce C/C++ Code Defects