---
description: "Learn more about: Warning C26459"
title: Warning C26459
ms.date: 4/10/2024
f1_keywords: ["C26459", "NO_RAW_POINTER_IN_STL_RANGE_CHECKED"]
helpviewer_keywords: ["C26459"]
---
# Warning C26459

> You called an STL function '%function%' with a raw pointer parameter at position '%position%' that may be unsafe - this relies on the caller to check that the passed values are correct. Consider wrapping your range in a gsl::span and pass as a span iterator (stl.1)

## Remarks

Out of bound writes are one of the leading causes of remote code execution vulnerabilities. One remedy is to use bounds checked data structures like `gsl::span`. This warning identifies cases where Standard Template Library (STL) algorithms operate on raw pointers as output ranges. Raw pointers aren't bounds checked. To prevent vulnerabilities, use `gsl::span` instead.

Code analysis name: `NO_RAW_POINTER_IN_STL_RANGE_CHECKED`

## Example

The following code demonstrates undefined behavior because there isn't any bounds checking and `copy_if` writes beyond the provided storage.

```cpp
void f()
{
    std::vector<int> myints = { 10, 20, 30, 40, 50, 60, 70 };
    int mydestinationArr[7] = { 10, 20, 80 };

    std::copy_if(myints.begin(), myints.end(), mydestinationArr, [](int i) { return !(i<0); }); // Warning: C26459
}
```

To fix the warning, use `gsl::span` to make sure the output range is bounds checked:

```cpp
void f()
{
    std::vector<int> myints = { 10, 20, 30, 40, 50, 60, 70 };
    int mydestinationArr[7] = { 10, 20, 80 };
    gsl::span<int> mySpan{mydestinationArr};

    std::copy_if(myints.begin(), myints.end(), mySpan.begin(), [](int i) { return !(i<0); }); // No warning
}
```