Merge pull request MicrosoftDocs#3120 from hwisungi/master

v-albemi · web-flow · commit 603fe2cbb9de · 2020-09-04T10:35:23.000-07:00
VC Code Analysis - adding help docs for new rules added in 16.8
diff --git a/docs/code-quality/c33001.md b/docs/code-quality/c33001.md
@@ -0,0 +1,60 @@
+---
+title: c33001
+description: C33001 warning for VARIANTs
+keywords: c33001
+author: hwisungi
+ms.author: hwisungi
+ms.date: 06/20/2020
+ms.topic: reference
+f1_keywords: ["C33001"]
+helpviewer_keywords: ["C33001"]
+dev_langs: ["C++"]
+---
+# C33001
+
+> Warning C33001: VARIANT 'var' was cleared when it was uninitialized (expression 'expr')
+
+This warning is triggered when an uninitialized VARIANT is passed into an API such as VariantClear
+that expects an initialized VARIANT.
+
+## Example
+
+```cpp
+#include <Windows.h>
+
+HRESULT foo(bool some_condition)
+{
+    VARIANT var;
+
+    if (some_condition)
+    {
+        //...
+        VariantInit(&var);
+        //...
+    }
+
+    VariantClear(&var);     // C33001
+}
+```
+
+These warnings are corrected by ensuring VariantClear is called only for a properly initialized VARIANT:
+```cpp
+#include <Windows.h>
+
+HRESULT foo(bool some_condition)
+{
+    VARIANT var;
+
+    if (some_condition)
+    {
+        //...
+        VariantInit(&var);
+        //...
+        VariantClear(&var);     // C33001
+    }
+}
+```
+## See also
+
+[C33004](/cpp/code-quality/c33004)
+[C33005](/cpp/code-quality/c33005)
diff --git a/docs/code-quality/c33004.md b/docs/code-quality/c33004.md
@@ -0,0 +1,48 @@
+---
+title: c33004
+description: C33004 warning for VARIANTs
+keywords: c33004
+author: hwisungi
+ms.author: hwisungi
+ms.date: 06/20/2020
+ms.topic: reference
+f1_keywords: ["C33004"]
+helpviewer_keywords: ["C33004"]
+dev_langs: ["C++"]
+---
+# C33004
+
+> Warning C33004: VARIANT 'var', which is marked as _Out_ was cleared before being initialized (expression 'expr')
+
+This warning is triggered when a VARIANT parameter with \_Out\_ SAL annotation, which may not be
+to be initialized on input, is passed to an API such as VariantClear that expects an initialized VARIANT.
+
+## Example
+
+```cpp
+#include <Windows.h>
+
+void t2(_Out_ VARIANT* pv)
+{
+    // ......
+    VariantClear(pv);   // C33004
+    // ......
+}
+```
+
+These warnings are corrected by ensuring VariantClear is called only for a properly initialized VARIANT:
+```cpp
+#include <Windows.h>
+
+void t2(_Out_ VARIANT* pv)
+{
+    VariantInit(pv);
+    // ......
+    VariantClear(pv);   // OK
+    // ......
+}
+```
+## See also
+
+[C33001](/cpp/code-quality/c33001)
+[C33005](/cpp/code-quality/c33005)
diff --git a/docs/code-quality/c33005.md b/docs/code-quality/c33005.md
@@ -0,0 +1,56 @@
+---
+title: c33005
+description: C33005 warning for VARIANTs
+keywords: c33005
+author: hwisungi
+ms.author: hwisungi
+ms.date: 06/20/2020
+ms.topic: reference
+f1_keywords: ["C33005"]
+helpviewer_keywords: ["C33005"]
+dev_langs: ["C++"]
+---
+# C33005
+
+> Warning C33005: VARIANT 'var' was provided as an input or input/output parameter but was not initialized (expression 'expr')
+
+This warning is triggered when an uninitialized VARIANT is passed to a function as input only or input/output
+parameter - for example, a pass-by-refrence parameter without an \_Out\_ SAL annotation.
+
+## Example
+
+```cpp
+#include <Windows.h>
+
+void bar(VARIANT* v);   // v is assumed to be input/output
+
+void foo()
+{
+    VARIANT v;
+    bar(&v);            // C33005
+    // ......
+    VariantClear(&v);   // OK, assumed to be initialized by bar
+}
+```
+
+These warnings are corrected by ensuring to initialize the VARIANT before passing it to a function
+as input-only or input/output.
+
+```cpp
+#include <Windows.h>
+
+void bar(VARIANT* v);   // v is assumed to be input/output
+
+void foo()
+{
+    VARIANT v;
+    VariantInit(&v);
+    bar(&v);            // OK
+    // ......
+    VariantClear(&v);   // OK, assumed to be initialized by bar
+}
+```
+## See also
+
+[C33001](/cpp/code-quality/c33001)
+[C33004](/cpp/code-quality/c33004)
diff --git a/docs/code-quality/c33010.md b/docs/code-quality/c33010.md
@@ -0,0 +1,78 @@
+---
+title: c33010
+description: C33010 warning for enums
+keywords: c33010
+author: hwisungi
+ms.author: hwisungi
+ms.date: 06/20/2020
+ms.topic: reference
+f1_keywords: ["C33010"]
+helpviewer_keywords: ["C33010"]
+dev_langs: ["C++"]
+---
+# C33010
+
+> Warning C33010: Unchecked lower bound for enum 'enum' used as index.
+
+This warning is triggered for an enum that is used as an index into an array,
+if the upper bound is checked for its value, but not the lower bound.
+
+## Example
+
+Code using enumerated types as indexes for arrays will often check for the upper bound
+in order to ensure the index is not out of range. Because an enum variable is signed by default,
+it can have a negative value. If it is used as an index into an array of values or an array of function pointers,
+a negative value can allow arbitrary memory to be read, used, or even executed.
+
+```cpp
+typedef void (*PFN)();
+
+enum class Index
+{
+    Zero,
+    One,
+    Two,
+    Three,
+    Max
+};
+
+void foo(Index idx, PFN(&functions)[5])
+{
+    if (idx > Index::Max)
+        return;
+
+    auto pfn = functions[static_cast<int>(idx)];    // C33010
+    if (pfn != nullptr)
+        (*pfn)();
+    // ......
+}
+```
+These warnings are corrected by checking the index value for lower bound as well:
+
+```cpp
+typedef void (*PFN)();
+
+enum class Index
+{
+    Zero,
+    One,
+    Two,
+    Three,
+    Max
+};
+
+void foo(Index idx, PFN(&functions)[5])
+{
+    if (idx < Index::Zero || idx > Index::Max)
+        return;
+
+    auto pfn = functions[static_cast<int>(idx)];    // OK
+    if (pfn != nullptr)
+        (*pfn)();
+    // ......
+}
+```
+
+## See also
+
+[C33011](/cpp/code-quality/c33011)
diff --git a/docs/code-quality/c33011.md b/docs/code-quality/c33011.md
@@ -0,0 +1,81 @@
+---
+title: c33011
+description: C33011 warning for enums
+keywords: c33011
+author: hwisungi
+ms.author: hwisungi
+ms.date: 06/20/2020
+ms.topic: reference
+f1_keywords: ["C33011"]
+helpviewer_keywords: ["C33011"]
+dev_langs: ["C++"]
+---
+# C33011
+
+> Warning C33011: Unchecked upper bound for enum 'enum' used as index.
+
+This warning is triggered when the lower bound of the enum used as index into an array is checked,
+but the upper bound is not checked.
+
+This warning is triggered for an enum that is used as an index into an array,
+if the lower bound is checked for its value, but not the upper bound.
+
+
+## Example
+
+Code that uses enumerated types as indexes for arrays must check the enum value for both lower and
+upper bounds. If the enum value is checked only for the lower bound before used to index into an array of values
+or an array of function pointers, then it can allow arbitrary memory to be read, used, or even executed.
+
+```cpp
+typedef void (*PFN)();
+
+enum class Index
+{
+    Zero,
+    One,
+    Two,
+    Three,
+    Max
+};
+
+void foo(Index idx, PFN(&functions)[5])
+{
+    if (idx < Index::Zero)
+        return;
+
+    auto pfn = functions[static_cast<int>(idx)];    // C33011
+    if (pfn != nullptr)
+        (*pfn)();
+    // ......
+}
+```
+These warnings are corrected by declaring the enum as enum class:
+
+```cpp
+typedef void (*PFN)();
+
+enum class Index
+{
+    Zero,
+    One,
+    Two,
+    Three,
+    Max
+};
+
+void foo(Index idx, PFN(&functions)[5])
+{
+    if (idx < Index::Zero || idx > Index::Max)
+        return;
+
+    auto pfn = functions[static_cast<int>(idx)];    // OK
+    if (pfn != nullptr)
+        (*pfn)();
+    // ......
+}
+```
+
+## See also
+
+[C33010](/cpp/code-quality/c33010)
diff --git a/docs/code-quality/c33020.md b/docs/code-quality/c33020.md
@@ -0,0 +1,44 @@
+---
+title: c33020
+description: C33020 warning for HRESULTs
+keywords: c33020
+author: hwisungi
+ms.author: hwisungi
+ms.date: 06/20/2020
+ms.topic: reference
+f1_keywords: ["C33020"]
+helpviewer_keywords: ["C33020"]
+dev_langs: ["C++"]
+---
+# C33020
+
+> Warning C33020: Likely incorrect HRESULT usage detected.
+
+This is high-confidence warning indicating that HRESULT-returning function returns FALSE or false.
+
+## Example
+
+```cpp
+#include <Windows.h>
+
+HRESULT foo()
+{
+    // ......
+    return FALSE; // C33020
+}
+```
+
+These warnings are corrected by using proper HRESULT value:
+```cpp
+#include <Windows.h>
+
+HRESULT foo()
+{
+    // ......
+    return E_FAIL; // OK
+}
+```
+
+## See also
+
+[C33022](/cpp/code-quality/c33022)
diff --git a/docs/code-quality/c33022.md b/docs/code-quality/c33022.md
diff --git a/docs/code-quality/toc.yml b/docs/code-quality/toc.yml
