__builtin_object_size(P->M, 1) where M ends with a flex-array behaves like sizeof() #72032
Comments
Author: Kees Cook (kees)
Using `__builtin_object_size` (and `__builtin_dynamic_object_size`) on a composite structure's member that has a flexible array loses the sense of how large it is.

For example, on a struct that has a flexible array, `__bdos` correctly says it doesn't know the size (bounded here by `alloc_size`):

But if it is part of a wrapper, it starts behaving like `sizeof()`:

https://godbolt.org/z/YrGsh8Ybs

This was recently fixed in GCC: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832

PoC: composite.c.txt
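To make the reported behaviour concrete, here is an added example; it is not the issue's own PoC (that is the `composite.c.txt` attachment, which is not reproduced on this page). The layouts `struct inner` and `struct wrapper`, the helper names, the `__asm__` laundering of the pointers and the 32-byte payload are all assumptions made for this example. `bos_direct` takes a pointer straight at the flex-array struct, `bos_wrapped_member` reaches the same struct as the last member of a wrapper, and `copy_into_member` shows what a FORTIFY-style check does with each answer: with the `sizeof()` answer a 12-byte copy into an allocation that has 36 bytes of room there is refused.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layouts for this example; they are not the issue's attached PoC. */
struct inner {
    unsigned int count;
    unsigned char data[];      /* flexible array member */
};

struct wrapper {
    unsigned long tag;
    struct inner m;            /* a struct ending in a flex array, as the last member */
};

/* Bytes of flex-array storage behind each wrapper made by fresh_wrapper() (constructed). */
#define PAYLOAD 32

enum bos_kind { BOS_UNKNOWN, BOS_SIZEOF_MEMBER, BOS_OTHER };

/* A pointer straight at the flex-array struct, allocation not in view: the
 * compiler can only answer "unknown", which is (size_t)-1 in mode 1. */
__attribute__((noinline))
size_t bos_direct(struct inner *p)
{
    __asm__("" : "+r"(p));     /* hide where p came from, so nothing is folded */
    return __builtin_object_size(p, 1);
}

/* The same struct reached as the last member of a wrapper. This is what the
 * report is about: clang folds &w->m to sizeof(struct inner) although m ends
 * in a flex array; GCC with the PR101832 fix answers (size_t)-1 instead. */
__attribute__((noinline))
size_t bos_wrapped_member(struct wrapper *w)
{
    __asm__("" : "+r"(w));
    return __builtin_object_size(&w->m, 1);
}

/* Sort an answer into the two behaviours the report describes. */
enum bos_kind classify(size_t bos)
{
    if (bos == (size_t)-1)
        return BOS_UNKNOWN;
    if (bos == sizeof(struct inner))
        return BOS_SIZEOF_MEMBER;
    return BOS_OTHER;
}

/* Constructed input: a zeroed wrapper with PAYLOAD bytes behind w->m.data. */
struct wrapper *fresh_wrapper(void)
{
    struct wrapper *w = calloc(1, sizeof *w + PAYLOAD);
    if (!w)
        abort();
    return w;
}

/* What a FORTIFY-style bounds check makes of the answer: copy n bytes of
 * header plus payload into w->m, refusing when the compiler's size says the
 * subobject is too small. Returns 1 if the copy ran, 0 if it was refused.
 * The allocation really has sizeof(struct inner) + PAYLOAD bytes there, so
 * a 12-byte copy is legitimate; the sizeof() answer refuses it anyway. */
__attribute__((noinline))
int copy_into_member(struct wrapper *w, size_t n)
{
    unsigned char src[sizeof(struct inner) + PAYLOAD] = { 0 };   /* constructed payload */
    size_t bos = bos_wrapped_member(w);

    if (n > sizeof src)
        return 0;              /* would overrun the real allocation */
    if (bos != (size_t)-1 && n > bos)
        return 0;              /* refused on the compiler's (too small) answer */
    memcpy(&w->m, src, n);
    return 1;
}

int main(void)
{
    struct wrapper *w = fresh_wrapper();
    size_t direct = bos_direct(&w->m);
    size_t wrapped = bos_wrapped_member(w);

    printf("__builtin_object_size(p, 1)     = %ld\n", (long)direct);
    printf("__builtin_object_size(&w->m, 1) = %ld (sizeof(struct inner) = %zu)\n",
           (long)wrapped, sizeof(struct inner));
    printf("12-byte copy into w->m: %s\n",
           copy_into_member(w, 12) ? "performed" : "refused");
    free(w);
    return 0;
}
```

Which of the two answers you see for `&w->m` depends on the compiler and version; the direct case is `(size_t)-1` either way. The point of `copy_into_member` is that a too-small answer does not produce a missed overflow but a refused legitimate copy, which is exactly the kind of false positive a fortified `memcpy` into such a member turns into.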
This rabbit hole runs very deep. Consider this: https://godbolt.org/z/v1s6brz9f I would expect the value returned by
9 looks correct to me. Pointer to a fixed-size array instance of size 9. I think GCC is wrong here. But that's not what this bug is about. This bug is about flexible array members at the end of a composite structure and Clang fails to notice. Here's a shorter PoC: GCC is correct here: we don't know the size of
Re 9 vs 54, I think GCC is right -- the operand is a pointer to the second
Hm, actually, no -- the operand should be a
So what I'm thinking is that an offset into an N-dimensional array is calculated by the formula in Eli Bendersky's blog post: https://eli.thegreenplace.net/2015/memory-layout-of-multi-dimensional-arrays. In the case of
Perhaps that should determine which value to return?
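The row-major offset formula referred to in the comment above, written out as an added example (not code from the thread or from LLVM): the offset of an index tuple is the sum over each index of that index times the product of all inner extents. The 4x6x9 grid, the 6x9 array `a` and the function names are constructed for this example. `compiler_offset` checks the formula against the layout the compiler actually produces, and the last two functions show what modes 0 and 1 of `__builtin_object_size` answer for a constant-indexed element: mode 0 counts the bytes left in the whole object, mode 1 only those left in the closest enclosing subobject, the row.

```c
#include <stddef.h>
#include <stdio.h>

/* Row-major offset, in elements, of idx[0..ndim-1] into an array with extents
 * dims[0..ndim-1]: the sum over k of idx[k] * (dims[k+1] * ... * dims[ndim-1]).
 * Walking from the innermost dimension outwards keeps a running stride. */
size_t row_major_offset(size_t ndim, const size_t *dims, const size_t *idx)
{
    size_t off = 0, stride = 1;
    for (size_t k = ndim; k-- > 0; ) {
        off += idx[k] * stride;
        stride *= dims[k];
    }
    return off;
}

/* Constructed 3-D layout used to check the formula against the compiler. */
enum { D0 = 4, D1 = 6, D2 = 9 };
static char grid[D0][D1][D2];

/* Byte distance the compiler really puts between &grid[0][0][0] and &grid[i][j][k]. */
size_t compiler_offset(size_t i, size_t j, size_t k)
{
    return (size_t)((char *)&grid[i][j][k] - (char *)&grid[0][0][0]);
}

/* The same tuple through the formula (element size is 1 byte here). */
size_t formula_offset(size_t i, size_t j, size_t k)
{
    size_t dims[3] = { D0, D1, D2 }, idx[3] = { i, j, k };
    return row_major_offset(3, dims, idx) * sizeof grid[0][0][0];
}

/* Constructed 2-D array: &a[1][2] sits 11 bytes in, 7 bytes before the end
 * of row a[1] and 43 bytes before the end of the whole 54-byte object. */
static char a[6][9];
size_t bytes_left_in_object(void) { return __builtin_object_size(&a[1][2], 0); }
size_t bytes_left_in_row(void)    { return __builtin_object_size(&a[1][2], 1); }

int main(void)
{
    printf("grid[2][3][4]: formula %zu, compiler %zu\n",
           formula_offset(2, 3, 4), compiler_offset(2, 3, 4));
    printf("&a[1][2]: mode 0 -> %zu, mode 1 -> %zu\n",
           bytes_left_in_object(), bytes_left_in_row());
    return 0;
}
```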