This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] ubsan: remove bogus check for flexible array members


Am Thu, 26 Feb 2015 10:05:14 +0100
Jakub Jelinek <jakub@redhat.com>:

> On Thu, Feb 26, 2015 at 12:59:08AM -0800, Martin Uecker wrote:
> > > No, it is not bogus nor unnecessary.
> > > This isn't about just real flexible arrays, but similar constructs,
> > > C++ doesn't have flexible array members, nor C89, so people use the
> > > GNU extension of struct S { ... ; char a[0]; } instead, or
> > 
> > The GNU extension is still allowed, i.e. not instrumented with
> > the patch.
> > 
> > > use char a[1]; as the last member and still expect to be able to access
> > > s->a[i] for i > 0 say on heap allocations etc.
> > 
> > And this is broken code. I would argue that a user who uses the
> > ubsan *expects* this to be diagnosed. At least I was surprised
> > that it didn't catch more out-of-bounds accesses.
> 
> So can you explain what a C++ programmer can do portably? 

Using broken code is not really portable either, because other
compilers diagnose this. Also, we are not talking about breaking
that code - they can simply continue to use that code. They could
just not expect ubsan to not diagnose it. This would make
them aware of the fact that their code is problematic - which is
exactly what I would expect from ubsan.

> It has neither
> flexible array members, nor without GNU extensions zero sized arrays.
> If the array size is constant, perhaps turn the struct into a template,
> but if it is variable?  Ditto for C89 code.
> The amount of code that uses this idiom in the wild is huge.

Ok, I will add an option then. Or should this be language dependent?

Martin
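The three trailing-array idioms discussed in the thread side by side, as an added example that is not part of the original mail or of the GCC patch. It assumes a C99 or later compiler for the flexible array member form and GCC for the zero-length array extension; the helper names are my own.

```c
/* Added illustration, not from the thread: the trailing-array idioms
 * under discussion and how to size a heap allocation for each.
 * Assumes C99 or later; the a[0] form is the GNU extension. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct s_c99 { size_t len; char a[]; };   /* C99 flexible array member */
struct s_gnu { size_t len; char a[0]; };  /* GNU zero-length array     */
struct s_c89 { size_t len; char a[1]; };  /* pre-C99 "struct hack"     */

/* Allocate a struct with a C99 flexible array member large enough for
 * n bytes of payload. offsetof() rather than sizeof() is used so that
 * trailing padding of the header is not counted twice. */
static struct s_c99 *make_c99(const char *src, size_t n)
{
    struct s_c99 *s = malloc(offsetof(struct s_c99, a) + n);
    if (!s)
        return NULL;
    s->len = n;
    memcpy(s->a, src, n);
    return s;
}

/* The a[1] idiom needs the same offsetof()-based allocation size.
 * Even when the allocation covers it, s->a[i] for i > 0 is out of
 * bounds of the declared type, which is exactly the access the patch
 * lets -fsanitize=bounds report; the a[0] and a[] forms stay
 * uninstrumented. */
size_t hack_bytes_needed(size_t n)
{
    return offsetof(struct s_c89, a) + n;
}

/* Returns 1 if the flexible array holds exactly the n bytes copied in,
 * 0 otherwise (including allocation failure). */
int check_roundtrip(const char *src, size_t n)
{
    struct s_c99 *s = make_c99(src, n);
    int ok = s != NULL && s->len == n && memcmp(s->a, src, n) == 0;
    free(s);
    return ok;
}
```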

