This is the mail archive of the mailing list for the GCC project.


Issue with sub-object __builtin_object_size


The following C++ test case (braces restored; they were lost in the archive rendering):

struct pollfd {
    int fd;
    short int events;
    short int revents;
};

struct Pollfd : public pollfd { };

struct Pollfd myfd[10];

int test (void)
{
  return __builtin_object_size ((struct pollfd *)myfd, 1);
}
ends up returning 8 from the "test" routine, not 80.

In the real-world application this test case was extracted from,
this causes a call:

  poll(myfd, count, 0);  // 1 < count < 10

to fail with a "Buffer overflow detected" message at run-time
when building with _FORTIFY_SOURCE = 2 against glibc.  [ Here,
there is no explicit cast, but it is implied by the prototype
of the "poll" routine. ]

(Note that in the real-world application, the derived struct Pollfd
has some member functions to construct and pretty-print the structure,
but has no additional data members.)

From the __builtin_object_size documentation, it's not immediately
clear to me whether this is supposed to work or not:

   If the least significant
   bit is clear, objects are whole variables, if it is set, a closest
   surrounding subobject is considered the object a pointer points to.

Is the presence of the above cast (explicit or implicit) supposed to
modify the notion of "closest surrounding subobject"?


  Dr. Ulrich Weigand
  GNU/Linux compilers and toolchain
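The following is an added example, not part of the mail above and not GCC or glibc code. It reproduces the mail's test case and models the length check that a _FORTIFY_SOURCE=2 build performs before calling poll() (glibc's helper is __poll_chk; the function fortify_poll_rejects below is a stand-in with the same arithmetic), so the 8-versus-80 difference can be seen to decide whether the call aborts. The struct pollfd definition is the mail's own; the constructed plainfd array and the function names are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdio>

/* Layout from the mail: the base struct and an empty derived struct. */
struct pollfd {
    int fd;
    short int events;
    short int revents;
};

struct Pollfd : public pollfd { };

struct Pollfd myfd[10];      /* the array from the mail (sizeof == 80) */
struct pollfd plainfd[10];   /* constructed: same array without the derived type */

/* What the compiler believes the pointee size is in each mode.  The results
   are whatever the compiler computes; the mail reports 8 for mode 1 on myfd
   where 80 would be expected. */
size_t size_whole_object(void) { return __builtin_object_size((struct pollfd *)myfd, 0); }
size_t size_sub_object(void)   { return __builtin_object_size((struct pollfd *)myfd, 1); }
size_t size_plain_array(void)  { return __builtin_object_size(plainfd, 1); }

/* Stand-in for glibc's __poll_chk (assumed shape, not glibc's code):
   fdslen is the object size the compiler passed in, nfds the caller's count.
   Returns 1 when the fortified wrapper would report "buffer overflow
   detected" and abort, 0 when it would go on to call poll(). */
int fortify_poll_rejects(size_t fdslen, size_t nfds)
{
    return fdslen / sizeof(struct pollfd) < nfds;
}

int main(void)
{
    printf("mode 0: %zu  mode 1: %zu  plain array, mode 1: %zu\n",
           size_whole_object(), size_sub_object(), size_plain_array());

    /* With the sub-object size of 8 from the mail, any count above 1 aborts;
       with the whole-object size of 80, counts up to 10 are accepted. */
    for (size_t count = 1; count <= 10; count++)
        printf("count=%zu: size 8 -> %s, size 80 -> %s\n", count,
               fortify_poll_rejects(8, count) ? "abort" : "ok",
               fortify_poll_rejects(80, count) ? "abort" : "ok");
    return 0;
}
```

Compile with optimization (-O2) so that the __builtin_object_size calls are folded; the printed mode 1 value for myfd is what the mail is asking about, and the loop shows that a sub-object size of 8 makes every poll() with count > 1 trip the fortified check even though the array really holds ten entries.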
