shylie/llvm-project
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
llvm-project/clang/test/SemaCXX/array-bounds-strict-flex-arrays.cpp
Bill Wendling 7f93ae8086 [clang] Implement -fstrict-flex-arrays=3 
The -fstrict-flex-arrays=3 is the most restrictive type of flex arrays.
No number, including 0, is allowed in the FAM. In the cases where a "0"
is used, the resulting size is the same as if a zero-sized object were
substituted.

This is needed for proper _FORTIFY_SOURCE coverage in the Linux kernel,
among other reasons. So while the only reason for specifying a
zero-length array at the end of a structure is for specify a FAM,
treating it as such will cause _FORTIFY_SOURCE not to work correctly;
__builtin_object_size will report -1 instead of 0 for a destination
buffer size to keep any kernel internals from using the deprecated
members as fake FAMs.

For example:

  struct broken {
      int foo;
      int fake_fam[0];
      struct something oops;
  };

There have been bugs where the above struct was created because "oops"
was added after "fake_fam" by someone not realizing. Under
__FORTIFY_SOURCE, doing:

  memcpy(p->fake_fam, src, len);

raises no warnings when __builtin_object_size(p->fake_fam, 1) returns -1
and may stomp on "oops."

Omitting a warning when using the (invalid) zero-length array is how GCC
treats -fstrict-flex-arrays=3. A warning in that situation is likely an
irritant, because requesting this option level is explicitly requesting
this behavior.

Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836

Differential Revision: https://reviews.llvm.org/D134902
2022-10-27 10:50:04 -07:00

41 lines
1.3 KiB
C++
Raw Blame History

// RUN: %clang_cc1 -verify=relaxed -fstrict-flex-arrays=1 %s
// RUN: %clang_cc1 -verify=relaxed,strict -fstrict-flex-arrays=2 %s
// RUN: %clang_cc1 -verify=relaxed,strict,very-strict -fstrict-flex-arrays=3 %s
// We cannot know for sure the size of a flexible array.
struct t {
int f;
int a[];
};
void test(t *s2) {
s2->a[2] = 0; // no-warning
}
// Under -fstrict-flex-arrays={1,2,3} `a` is not a flexible array
struct t0 {
int f;
int a[10]; // relaxed-note {{array 'a' declared here}}
};
void test0(t0 *s2) {
s2->a[12] = 0; // relaxed-warning {{array index 12 is past the end of the array (that has type 'int[10]')}}
}
// Under -fstrict-flex-arrays=2 `a` is not a flexible array, but it is under -fstrict-flex-arrays=1
struct t1 {
int f;
int a[1]; // strict-note {{array 'a' declared here}}
};
void test1(t1 *s2) {
s2->a[2] = 0; // strict-warning {{array index 2 is past the end of the array (that has type 'int[1]')}}
}
// Under -fstrict-flex-arrays={1,2} `a` is a flexible array, but not under -fstrict-flex-arrays=3.
struct t2 {
int f;
int a[0]; // very-strict-note {{array 'a' declared here}}
};
void test1(t2 *s2) {
s2->a[2] = 0; // very-strict-warning {{array index 2 is past the end of the array (that has type 'int[0]')}}
}
Reference in New Issue View Git Blame Copy Permalink