This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] ubsan: remove bogus check for flexible array members


On Thu, Feb 26, 2015 at 12:59:08AM -0800, Martin Uecker wrote:
> > No, it is not bogus nor unnecessary.
> > This isn't about just real flexible arrays, but similar constructs,
> > C++ doesn't have flexible array members, nor C89, so people use the
> > GNU extension of struct S { ... ; char a[0]; } instead, or
> 
> The GNU extension is still allowed, i.e. not instrumented with
> the patch.
> 
> > use char a[1]; as the last member and still expect to be able to access
> > s->a[i] for i > 0 say on heap allocations etc.
> 
> And this is broken code. I would argue that a user who uses the
> ubsan *expects* this to be diagnosed. At least I was surprised
> that it didn't catch more out-of-bounds accesses.

So can you explain what a C++ programmer can do portably?  It has neither
flexible array members, nor without GNU extensions zero sized arrays.
If the array size is constant, perhaps turn the struct into a template,
but if it is variable?  Ditto for C89 code.
The amount of code that uses this idiom in the wild is huge.

	Jakub
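
The idiom discussed in this message, as an added example that is not part of the original mail or of the patch: a struct ending in `char a[1]` beside the C99 flexible array member form, both heap-allocated with room for a longer payload. The type and function names (`msg_hack`, `msg_fam`, `hack_new`, `fam_new`, `hack_at`, `fam_at`) are hypothetical; `hack_at` with `i > 0` indexes past the declared bound of 1 but inside the allocation, which is the access the thread disagrees about instrumenting.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types for illustration. C89/C++ style: trailing array of 1. */
struct msg_hack { size_t len; char a[1]; };
/* C99 flexible array member: no declared bound at all. */
struct msg_fam  { size_t len; char a[]; };

/* Conventional sizing for the a[1] form: the struct already holds one
   payload byte, so n - 1 more are requested. */
struct msg_hack *hack_new(const char *s)
{
    size_t n = strlen(s) + 1;
    struct msg_hack *m = malloc(sizeof *m + n - 1);
    if (m == NULL) return NULL;
    m->len = n;
    memcpy(m->a, s, n);
    return m;
}

/* Conventional sizing for the flexible array member form. */
struct msg_fam *fam_new(const char *s)
{
    size_t n = strlen(s) + 1;
    struct msg_fam *m = malloc(sizeof *m + n);
    if (m == NULL) return NULL;
    m->len = n;
    memcpy(m->a, s, n);
    return m;
}

/* The stored length is the only bound that matches the allocation; the
   declared bound of a[1] does not. Returns -1 when i is out of range. */
int hack_at(const struct msg_hack *m, size_t i)
{
    return i < m->len ? (unsigned char)m->a[i] : -1;
}

int fam_at(const struct msg_fam *m, size_t i)
{
    return i < m->len ? (unsigned char)m->a[i] : -1;
}

int main(void)
{
    struct msg_hack *h = hack_new("hello");
    struct msg_fam *f = fam_new("hello");
    if (h && f) printf("%c %c\n", hack_at(h, 3), fam_at(f, 4));
    free(h); free(f);
    return 0;
}
```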

