9/29/2022 AM Publish (#4551)

Taojunshen · MugBergerFries · MichaelSquires · web-flow · commit 4e0c557a04e6 · 2022-09-30T01:21:32.000+08:00
* Updated C6101 Mirror of my public PR. Added an example. Added proper spacing between headers and code blocks, matched formatting to my other PRs * Updated C6101 Minor changes in response to Acrolinx report * Updated C6101 More Acrolinx changes, split a run-on sentence * Updated C26495 Matched formatting to my other PRs. Added more information to the example. * Updated C26495 Fixed spelling error * Updated C6200 Matched formatting and wording to my other PRs. Added more information to the example * Updated C6200 Reworded to appease high-lord Acrolinx * Updated C6201 Matched formatting and wording to my other PRs. Matched the example to C6200 since they were functionally the same. * Updated C6200 Fixed output * Updated C6276 Matched formatting and wording with my other PRs. Added more information to the example * Updated C6276 Small to changes at the behest of Acrolinx * Updated C6277 Changed wording slightly, matched formatting and wording to my other PRs * Updated C6277 Changed wording, acquiesced to Acrolinx's request * Updated C6308 Changed wording to be more concise and less hostile. Changed the format and wording to match my other PRs * Updated C6308 Acrolinx changes * Updated C6200 Updated to the new format * Updated C6201 Updated to the new format * Updated C6201 Added code analysis name * Updated C6200 Added code analysis name * Updated C6276 Updated to the new format * Updated C6277 Updated to the new format * Update docs/code-quality/c6200.md Co-authored-by: Michael Squires <11776738+MichaelSquires@users.noreply.github.com> * Update docs/code-quality/c6200.md Co-authored-by: Michael Squires <11776738+MichaelSquires@users.noreply.github.com> * Updated C6200 Spacing fixed * Update docs/code-quality/c6201.md Co-authored-by: Michael Squires <11776738+MichaelSquires@users.noreply.github.com> * Updated C6201 Spacing fixed * Updated C6276 Removed third example and corrected earlier examples. Changed 3 space indentation to 4 to be consistent with my other PRs. Fixed spacing * Updated C6276 Consistent spacing * Updated C6101 Updated to the latest format * Updated C6101 Single backticks and InOut->Inout * Updated C6308 Updated to the new format, spacing made consistent with my other PRs * Updated C26495 Updated to the new format NOTE: This warning has no code analysis name. Per @MichaelSquires instructions, I omitted the usual keywords and 'Code analysis name:' section to match * Update compiler-warning-level-4-c4464.md @corob-msft proposal. I don't warrant it shouldn't be worded in a better way. * Update compiler-warning-level-4-c4464.md typo fix * Updated C6276 UNICODE/ANSI -> wide/narrow * Updated C6276 an -> a * Updated C6276 Updated to display new warning message * Updated C6276 char_t -> char * Updated C6201 Example now correctly shows a stack array * Updated C6200 Made example more obvious that the array was heap-allocated * Updated C6200 Added brackets to delete * Update docs/code-quality/c6308.md Co-authored-by: Michael Squires <11776738+MichaelSquires@users.noreply.github.com> * fix: delete unnecessary asterisk followup fix of MicrosoftDocs#4136 * optimize prime test * Update floating-point-support.md Explain what "ulp" stands for * Updated C6308 Changed example to initialize and declare variable sin the same line * Updates for cpp-docs 4161 * Update integritycheck-require-signature-check.md * alt-text * Update abstract-cpp-component-extensions.md * Add syntax highlighting to atl-mfc-shared * Updated C26495 Added code analysis ID * Updated C6201 Added stack-specific consequence to the description * alt-text updates * customer fix * minor updates * Incorporate changes in rewrite Updates for style and clarity. Also give it an Acrolinx pass. * Clarify version support * Tweak language for minimum support * Add code style, comment @MugBergerFries It's a good idea to use code styling for mentions of variable or class names (especially when they're easily confused generic names like "value"). I also added a comment to the fixed code sample to amplify the change and what it was doing. * acrolinx * cleanup pass * [BULK] DocuTune - Rebranding * alt-text updates * update alt-text * Fix Supported SSH algorithms * Update README.md * Address cpp-docs 4149 __umulh on ARM64 * Add slashes per cpp-docs 4150 * update alt-text code and removed 'experimental' from images * Update clang-support-msbuild.md Updated for better visibility of LLVMToolsVersion property. Note the text was also misleading because it kind of implies that LLVMToolsVersion supports side-by-side version of clang/LLVM in the same `LLVMInstallDir`, but that's not how clang/LLVM works. If you want to select a different version, you need to point it to a different path. * test fix * test fix * test fix * alt-text updates plus acrolinx * acrolinx * Split props file and IDE sections When both path and version are merged in the .props file discussion, a division between the .props approach and the IDE approach seems more natural than repeating the same content twice. * Update to add /std requirement * Test of build checks features * Update cpp-linter-overview.md * Provide F1 links to articles for VS linker properties (#4529) * Update F1 links for Linker Properties * F1 Project: Linker Properties part 1 * Finish Linker properties F1 links * Fix typo * Fix acrolinx related issues * Update dot-xmm.md Fixed overzealous replacement * [BULK UPDATE] DocuTune - Rebranding * Fix missing semicolon * Update files per cpp-docs 4181 * Add /ILK option per cpp-docs 4194 * Update per cpp-docs 4193 * Address cpp-docs 4186 code labels * template function -> function template * Acrolinx fixes. * Tweak language for 4178 update * Updates to main and wmain signatures * Acrolinx and style updates per review * Fix spelling, i18n, style, Acrolinx issues * Fix date. * Updated C6200 Removed extra asterisk in warning output * Updated C6201 Removed extra asterisks * Updated C6277 Removed extra asterisk * Updated C6308 Removed extra asterisk * Use correct warning message for C6201 Incorrectly copied warning message from C6200. * Quote actual warning message Quote the actual message, bad grammar and all, to make search happy. * Remove undefined quotes Simplify. Update date. Remove quotes from fully qualified, since we don't define it. * Give library functions code style Fix date. Also tweak a sentence for readability. Co-authored-by: Samuel Berger <sjamesberger@gmail.com> Co-authored-by: Michael Squires <11776738+MichaelSquires@users.noreply.github.com> Co-authored-by: Brad Litterell <49081806+bradlitterell@users.noreply.github.com> Co-authored-by: opbld17 <opbld17@microsoft.com> Co-authored-by: Colin Robertson <3836425+corob-msft@users.noreply.github.com> Co-authored-by: opbld16 <opbld16@microsoft.com> Co-authored-by: Kisaragi <48310258+KisaragiEffective@users.noreply.github.com> Co-authored-by: Courtney Wales <62625502+Court72@users.noreply.github.com> Co-authored-by: opbld15 <opbld15@microsoft.com> Co-authored-by: TylerMSFT <Tyler.Whitney@microsoft.com> Co-authored-by: Bryan Gold <101299717+19BMG00@users.noreply.github.com> Co-authored-by: Edward Breeveld <42862235+EddieBreeveld@users.noreply.github.com> Co-authored-by: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com> Co-authored-by: jsuther1974 <jsuther@microsoft.com> Co-authored-by: Austin Morton <apmorton@users.noreply.github.com> Co-authored-by: Jak Koke <v-jokoke@microsoft.com> Co-authored-by: HO-COOH <42881734+HO-COOH@users.noreply.github.com> Co-authored-by: prmerger-automator[bot] <40007230+prmerger-automator[bot]@users.noreply.github.com> Co-authored-by: James Barnett <v-jabarnett@microsoft.com> Co-authored-by: Dennis Rea <v-denrea@microsoft.com> Co-authored-by: Alex Buck <abuck@microsoft.com> Co-authored-by: Tyler Whitney <tylerw6502@gmail.com> Co-authored-by: ragingo <save.the.world.crush@gmail.com> Co-authored-by: Feng Xu <fenxu@microsoft.com> Co-authored-by: Chuck Walbourn <walbourn@users.noreply.github.com> Co-authored-by: Colin Cooper <72402153+v-ccolin@users.noreply.github.com> Co-authored-by: Lychy <gatelych83@gmail.com> Co-authored-by: chausner <15180557+chausner@users.noreply.github.com> Co-authored-by: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com> Co-authored-by: Paula Miller <v-paulmi@microsoft.com> Co-authored-by: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Co-authored-by: Linda Spiller <93278958+LJSpiller@users.noreply.github.com>
diff --git a/docs/code-quality/c6200.md b/docs/code-quality/c6200.md
@@ -1,46 +1,50 @@
 ---
 description: "Learn more about: C6200"
 title: C6200
-ms.date: 11/04/2016
+ms.date: 08/16/2022
 ms.topic: reference
-f1_keywords: ["C6200"]
+f1_keywords: ["C6200", "INDEX_EXCEEDS_MAX_NONSTACK", "__WARNING_INDEX_EXCEEDS_MAX_NONSTACK"]
 helpviewer_keywords: ["C6200"]
 ms.assetid: bbeb159b-4e97-4317-9a07-bb83cd03069a
 ---
-# C6200
+# Warning C6200
 
-> warning C6200: index \<name> is out of valid index range \<min> to \<max> for non-stack buffer \<variable>
+> Index '*index*' is out of valid index range '*min*' to '*max*' for non-stack buffer '*parameter-name*'
 
-This warning indicates that an integer offset into the specified array exceeds the maximum bounds of that array. This defect might cause random behavior or crashes.
+This warning indicates that an integer offset into the specified non-stack array exceeds the maximum bounds of that array, potentially causing random behavior and/or crashes.
+
+## Remarks
 
 One common cause of this defect is using the size of an array as an index into the array. Because C/C++ array indexing is zero-based, the maximum legal index into an array is one less than the number of array elements.
 
+Code analysis name: INDEX_EXCEEDS_MAX_NONSTACK
+
 ## Example
 
-The following code generates this warning because the **`for`** loop exceeds the index range:
+The following code generates this warning. This issue stems from the **`for`** loop exceeding the index range, attempting to access index 14 (the 15th element) when index 13 (the 14th element) is the last:
 
 ```cpp
-int buff[14]; // array of 0..13 elements
 void f()
 {
-   for (int i=0; i<=14;i++) // i exceeds the index
-   {
-     buff[i]= 0; // warning C6200
-     // code...
-   }
+    int* buff = new int[14]; // array of 0..13 elements
+    for (int i = 0; i <= 14; i++) // i exceeds the index
+    {
+        buff[i] = 0; // warning C6200
+    }
+    delete[] buff;
 }
 ```
 
 To correct both warnings, use correct array size as shown in the following code:
 
 ```cpp
-int buff[14]; // array of 0..13 elements
 void f()
 {
-   for ( int i=0; i < 14; i++) // loop stops when i < 14
-   {
-     buff[i]= 0; // initialize buffer
-    // code...
-   }
+    int* buff = new int[14]; // array of 0..13 elements
+    for (int i = 0; i < 14; i++) // i == 13 on the final iteration
+    {
+        buff[i] = 0; // initialize buffer
+    }
+    delete[] buff;
 }
 ```
diff --git a/docs/code-quality/c6201.md b/docs/code-quality/c6201.md
@@ -1,46 +1,48 @@
 ---
-description: "Learn more about: C6201"
-title: C6201
-ms.date: 11/04/2016
+description: "Learn more about: Warning C6201"
+title: Warning C6201
+ms.date: 09/28/2022
 ms.topic: reference
-f1_keywords: ["C6201"]
+f1_keywords: ["C6201", "INDEX_EXCEEDS_MAX", "__WARNING_INDEX_EXCEEDS_MAX"]
 helpviewer_keywords: ["C6201"]
 ms.assetid: eefbbd77-007c-4f28-95f6-6de5ee6a27db
 ---
-# C6201
+# Warning C6201
 
-> warning C6201: buffer overrun for \<variable>, which is possibly stack allocated: index \<name> is out of valid index range \<min> to \<max>
+> Index '*index-name*' is out of valid index range '*minimum*' to '*maximum*' for possibly stack allocated buffer '*variable*'
 
-This warning indicates that an integer offset into the specified stack array exceeds the maximum bounds of that array. This defect might cause random behavior or crashes.
+This warning indicates that an integer offset into the specified stack array exceeds the maximum bounds of that array. It may potentially cause stack overflow errors, random behavior, or crashes.
+
+## Remarks
 
 One common cause of this defect is using an array's size as an index into the array. Because C/C++ array indexing is zero-based, the maximum legal index into an array is one less than the number of array elements.
 
+Code analysis name: INDEX_EXCEEDS_MAX
+
 ## Example
 
-The following code generates this warning because the array index is out of the valid range:
+The following code generates warning C6201. The **`for`** loop condition exceeds the valid index range for `buff` when it sets `i` to 14, which is one element past the end:
 
 ```cpp
-void f( )
+void f()
 {
-  int buff[25];
-  for (int i=0; i <= 25; i++) // i exceeds array bound
-  {
-    buff[i]=0; // initialize i
-    // code ...
-  }
+    int buff[14]; // array of 0..13 elements
+    for (int i = 0; i <= 14; i++) // i == 14 exceeds the bounds
+    {
+        buff[i] = 0; // initialize buffer
+    }
 }
 ```
 
-To correct both warnings, use the correct array size as shown in the following code:
+To correct the warning, make sure the index stays in bounds. The following code shows the corrected loop condition:
 
 ```cpp
-void f( )
+void f()
 {
-  int buff[25];
-  for (int i=0; i < 25; i++)
-  {
-    buff[i]=0; // initialize i
-    // code ...
-  }
+    int buff[14]; // array of 0..13 elements
+    for (int i = 0; i < 14; i++) // i == 13 on the final iteration
+    {
+        buff[i]= 0; // initialize buffer
+    }
 }
 ```
diff --git a/docs/code-quality/c6276.md b/docs/code-quality/c6276.md
@@ -1,59 +1,50 @@
 ---
 description: "Learn more about: C6276"
 title: C6276
-ms.date: 11/04/2016
+ms.date: 09/28/2022
 ms.topic: reference
-f1_keywords: ["C6276"]
+f1_keywords: ["C6276", "CHAR_TO_WCHAR_CAST", "__WARNING_CHAR_TO_WCHAR_CAST"]
 helpviewer_keywords: ["C6276"]
 ms.assetid: 88f288da-da81-4d32-ab0f-be9d01a2606a
 ---
-# C6276
+# Warning C6276
 
-> warning C6276: Cast between semantically different string types: char* to wchar_t\*. Use of invalid string can lead to undefined behavior
+> Cast between semantically different string types. Use of invalid string can lead to undefined behavior.
 
-This warning indicates a potentially incorrect cast from an ANSI string (`char_t*`) to a UNICODE string (`wchar_t *`). Because UNICODE strings have a character size of 2 bytes, this cast might yield strings that are not correctly terminated. Using such strings with the wcs* library of functions could cause buffer overruns and access violations.
+This warning indicates a potentially incorrect cast from a narrow character string (`char*`) to a wide character string (`wchar_t*`).
 
-## Example
-
-The following code generates this warning:
+## Remarks
 
-```cpp
-#include <windows.h>
-VOID f()
-{
-   WCHAR szBuffer[8];
-   LPWSTR pSrc;
+Because the Microsoft compiler implements wide strings with a character size of 2 bytes, casting from a narrow string might produce strings that aren't correctly terminated. If you use such strings with the `wcs*` functions in the runtime library, they could cause buffer overruns and access violations.
+ 
+Code analysis name: CHAR_TO_WCHAR_CAST
 
-   pSrc = (LPWSTR)"a";
-   wcscpy(szBuffer, pSrc);
-}
-```
+## Example
 
-The following code corrects this warning by appending the letter L to represent the ASCII character as a wide character:
+The following code generates warning C6276. It's caused by an improper cast of the narrow string "a" (2 bytes, one for the 'a' and one for the null terminator) to a wide string (a 2-byte wide character 'a' with no null terminator):
 
 ```cpp
 #include <windows.h>
 
-VOID f()
+void f()
 {
-   WCHAR szBuffer[8];
-   LPWSTR pSrc;
-
-   pSrc = L"a";
-   wcscpy(szBuffer, pSrc);
+    WCHAR szBuffer[8];
+    LPWSTR pSrc;
+    pSrc = (LPWSTR)"a";
+    wcscpy_s(szBuffer, pSrc);
 }
 ```
 
-The following code uses the safe string manipulation function, `wcscpy_s`, to correct this warning:
+The following code corrects this warning. It removes the problem cast and adds an `L` prefix to the string to define it as a properly terminated wide character string:
 
 ```cpp
 #include <windows.h>
 
-VOID f()
+void f()
 {
-   WCHAR szBuffer[8];
-   LPWSTR pSrc;
-   pSrc = L"a";
-   wcscpy_s(szBuffer,8,pSrc);
+    WCHAR szBuffer[8];
+    LPWSTR pSrc;
+    pSrc = L"a";
+    wcscpy_s(szBuffer, pSrc);
 }
 ```
diff --git a/docs/code-quality/c6277.md b/docs/code-quality/c6277.md
@@ -1,21 +1,27 @@
 ---
 description: "Learn more about: C6277"
 title: C6277
-ms.date: 11/04/2016
+ms.date: 09/28/2022
 ms.topic: reference
-f1_keywords: ["C6277"]
+f1_keywords: ["C6277", "CREATEPROCESS_ESCAPE", "__WARNING_CREATEPROCESS_ESCAPE"]
 helpviewer_keywords: ["C6277"]
 ms.assetid: 2b41252a-68c2-4e92-b005-0458db5f4430
 ---
-# C6277
+# Warning C6277
 
-> warning C6277: NULL application name with an unquoted path in call to \<function>: results in a security vulnerability if the path contains spaces
+> NULL application name with an unquoted path in call to '*function-name*': results in a security vulnerability if the path contains spaces
 
-This warning indicates that the application name parameter is null and there might be spaces in the executable path name. In this case, unless the executable name is "fully qualified," there is likely to be a security problem. A malicious user might insert a rogue executable with the same name earlier in the path. To correct this warning, you can specify the application name instead of passing null or if you do pass null for the application name, use quotation marks around the executable path.
+This warning indicates that the application name parameter is null and that there might be spaces in the executable path name.
+
+## Remarks
+
+Unless the executable name is fully qualified, there's likely to be a security problem. A malicious user could insert a rogue executable with the same name earlier in the path. To correct this warning, you can specify the application name instead of passing null. Alternatively, if you do pass null for the application name, use quotation marks around the executable path.
+
+Code analysis name: CREATEPROCESS_ESCAPE
 
 ## Example
 
-The following sample code generates this warning because the application name parameter is null, and the executable path name has a space in it; there is a risk that a different executable could be run because of the way the function parses spaces. For more information, see [CreateProcess](/windows/desktop/api/processthreadsapi/nf-processthreadsapi-createprocessa).
+The following sample code generates warning C6277. The warning is caused by the NULL application name and from the executable path name having a space. Due to how the function parses spaces, there's a risk that a different executable could be run. For more information, see [`CreateProcessA`](/windows/desktop/api/processthreadsapi/nf-processthreadsapi-createprocessa).
 
 ```cpp
 #include <windows.h>
diff --git a/docs/code-quality/c6308.md b/docs/code-quality/c6308.md
@@ -1,68 +1,68 @@
 ---
-title: C6308
+title: Warning C6308
 description: "Understand the causes of Microsoft C/C++ code analysis warning C6308, and learn how to fix them."
-ms.date: 10/23/2020
+ms.date: 09/28/2022
 ms.topic: reference
-f1_keywords: ["C6308"]
+f1_keywords: ["C6308", "REALLOCLEAK", "__WARNING_REALLOCLEAK"]
 helpviewer_keywords: ["C6308"]
 ms.assetid: 1162cd96-9037-4576-9858-0c8361a12559
 ---
-# C6308
+# Warning C6308
 
-> warning C6308: 'realloc' may return null pointer: assigning a null pointer to \<variable>, which is passed as an argument to 'realloc', will cause the original memory block to be leaked
+> 'realloc' may return null pointer: assigning a null pointer to '*parameter-name*', which is passed as an argument to 'realloc', will cause the original memory block to be leaked
 
-This warning indicates a memory leak that is the result of the incorrect use of a reallocation function. Heap reallocation functions do not free the passed buffer if reallocation is unsuccessful. To correct the defect, assign the result of the reallocation function to a temporary, and then replace the original pointer after successful reallocation.
+## Remarks
+
+Heap reallocation functions don't free the passed buffer if reallocation is unsuccessful, potentially resulting in a memory leak if not handled properly. To correct the issue, assign the result of the reallocation function to a temporary variable, and then replace the original pointer after successful reallocation.
+
+Code analysis name: REALLOCLEAK
 
 ## Example
 
-The following sample code generates this warning:
+The following sample code generates warning C6308. This issue stems from the assignment of the return value from `realloc` to `x`. If `realloc` fails and returns a null pointer, then the original memory pointed to by `x` won't be freed:
 
 ```cpp
 #include <malloc.h>
 #include <windows.h>
 
 void f( )
 {
-  char *x;
-  x = (char *) malloc(10);
-  if (x != NULL)
-  {
-    x = (char *) realloc(x, 512);
-    // code...
-    free(x);
-  }
+    char *x = (char *) malloc(10);
+    if (x != NULL)
+    {
+        x = (char *) realloc(x, 512);
+        // code...
+        free(x);
+    }
 }
 ```
 
-To correct this warning, use the following code:
+To resolve the issue, you can create a temporary variable to store the return value of `realloc`. This change allows you to free the previously allocated memory safely if `realloc` fails:
 
 ```cpp
 #include <malloc.h>
 #include <windows.h>
 
 void f()
 {
-  char *x, *tmp;
-
-  x = (char *) malloc(10);
-
-  if (x != NULL)
-  {
-    tmp = (char *) realloc(x,512);
-    if (tmp != NULL)
+    char *x = (char *) malloc(10);
+    if (x != NULL)
     {
-      x = tmp;
+        char *tmp = (char *) realloc(x,512);
+        if (tmp != NULL)
+        {
+            x = tmp;
+        }
+        // code...
+        free(x);
     }
-    // code...
-    free(x);
-  }
 }
 ```
 
-This warning might generate noise if there is a live alias to the buffer-to-be-reallocated at the time of the assignment of the result of the reallocation function.
+This warning might generate noise if there's a live alias to the buffer-to-be-reallocated at the time of the assignment of the result of the reallocation function.
 
-To avoid these kinds of problems altogether, use the mechanisms that are provided by the C++ Standard Template Library (STL). These include [shared_ptr](../standard-library/shared-ptr-class.md), [unique_ptr](../standard-library/unique-ptr-class.md), and [vector](../standard-library/vector.md). For more information, see [Smart Pointers](../cpp/smart-pointers-modern-cpp.md) and [C++ Standard Library](../standard-library/cpp-standard-library-reference.md).
+To avoid these kinds of issues altogether, you can use the mechanisms that are provided by the C++ Standard Template Library (STL). These include [`shared_ptr`](../standard-library/shared-ptr-class.md), [`unique_ptr`](../standard-library/unique-ptr-class.md), and [`vector`](../standard-library/vector.md). For more information, see [Smart pointers](../cpp/smart-pointers-modern-cpp.md) and [C++ Standard Library](../standard-library/cpp-standard-library-reference.md).
 
 ## See also
 
-[C6014](../code-quality/c6014.md)
+[Warning C6014](../code-quality/c6014.md)
