From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by sourceware.org (Postfix) with ESMTPS id 45FAA3858C54 for ; Thu, 11 May 2023 16:29:21 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 45FAA3858C54 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-965ab8ed1c0so1457285566b.2 for ; Thu, 11 May 2023 09:29:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1683822560; x=1686414560; h=in-reply-to:references:cc:to:from:content-language:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=rPJP4jYUpKPTVHYOZsmn0EyEAIsSaLQJAZvyGsUrAGY=; b=JoLpnwtlJdg/DJO9WxOwvDlY7dy4P82lPv5nww0Blc7daVOTpDxjoHqpmzcEegwhJr AHYKPEH0Cm4IClyjfJoGc/CG8YlR8orfJFM9Y5ycpWCNV9uJF0Sg+nSBvVQ1RUYAkq0x 6iSnzAt8XFx8LQIFbQ6Gs4a0wV4lYosiGwc3DmXz/Y6GfkiPAqm3JxV+v9/0ARMtCDjM 6Z5ByzLVi4mXUPZ21G8KYEfIzVFszSJ8D//2hdX2ZGtdLRSQwMXUvSR3OsQdXheXma+b n5nLKCOle1ZLirg4vc/h398TDFFIKR3AmKTjEf/AER6HyhkoZ50TZeJZ1BFhuNiR3Yxu 0Lnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683822560; x=1686414560; h=in-reply-to:references:cc:to:from:content-language:subject :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=rPJP4jYUpKPTVHYOZsmn0EyEAIsSaLQJAZvyGsUrAGY=; b=fyq79VZhYsZVbt2BRqKwNnTv1tHRNGXqh1H1Yne/Q4aFEBE9GHZ64m+ValSNZTL4Sg U3U4l/d+b7r5Xf4rqsDAy8EQLAJWDUG4CuyOtQQ+eZ0HRYq+CB2Z2LIHOWNYeN5DOG2X nzMgNOFdH8Ufb2m50ryQKpKV4nJZ/K47UmuOND5v+BY+6oRYDkdk2/Hz7GW/zpmH2NDg hnJWnuhePq2Uxt4BY5j4IK4Fd6HYcyz2DtDllHX4pkJrlAO418UY7iKNzU+vNS8bYPVu 2osMeqPAv4YnnBWu/sLpo3ioy2VEQBXVRCSipgq6C+/bQ+Rpw9HmZVsf8cMqp0+Ng19U m96Q== X-Gm-Message-State: AC+VfDxiqdQCMX1tOQ765e5nYav49JVdT+4FMhHb1yKUao9P8KFvYgik CZrh6fLu7m/EiRcuDHNHGsRmCtiUDn8= X-Google-Smtp-Source: ACHHUZ5B+WzT6flFPxWjDjC5Flb2QV0H80xKfRtqjahlxGGZ+fYQYbgFijKyo+oqhiKJiBz37L4wiw== X-Received: by 2002:a17:906:9c84:b0:94f:61b2:c990 with SMTP id fj4-20020a1709069c8400b0094f61b2c990mr22883542ejc.25.1683822559811; Thu, 11 May 2023 09:29:19 -0700 (PDT) Received: from [192.168.0.160] ([170.253.51.134]) by smtp.gmail.com with ESMTPSA id jl4-20020a17090775c400b009658475919csm4230769ejc.188.2023.05.11.09.29.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 11 May 2023 09:29:19 -0700 (PDT) Message-ID: <44940599-7b43-99f6-5b09-4f050d645c7b@gmail.com> Date: Thu, 11 May 2023 18:29:10 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Subject: Re: [wish] Flexible array members in unions Content-Language: en-US From: Alejandro Colomar To: GCC Cc: Kees Cook , Alejandro Colomar , Andrew Clayton , Andrew Clayton References: In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------2CRBwjOtBWHmksfEls5c601Y" X-Spam-Status: No, score=-5.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------2CRBwjOtBWHmksfEls5c601Y Content-Type: multipart/mixed; boundary="------------ODGfmI8DPvK5LKVNRf9T2VGe"; protected-headers="v1" From: Alejandro Colomar To: GCC Cc: Kees Cook , Alejandro Colomar , Andrew Clayton , Andrew Clayton Message-ID: <44940599-7b43-99f6-5b09-4f050d645c7b@gmail.com> Subject: Re: [wish] Flexible array members in unions References: In-Reply-To: --------------ODGfmI8DPvK5LKVNRf9T2VGe Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable [CC +=3D Kees, Andrew] [start of thread: ] On 5/11/23 18:07, Alejandro Colomar wrote: > Hi! >=20 > Currently, one can have pseudo-flexible array members in unions with > [0] syntax, but it's not allowed with [] syntax. >=20 > Here's an example of how it is possible today: >=20 > struct s { > ... >=20 > size_t n; > union { > ptrdiff_t off[0]; // [n]; offsets from s->data. > char data[0]; > }; > }; >=20 > which is useful to have a structure with two (or really several) > consecutive flexible arrays: one of offsets, which mark the positions > of data, and another with the actual data. Below goes an example > program, which works fine with GCC, and I believe rewriting it to > not use the union would make it less clear, since I'd need to add > casts to it. >=20 > It works thanks to [0] pseudo-flexible arrays, but it doesn't > compile with C99 flexible arrays. And of course, [0] arrays have > issues with -fstrict-flex-arrays=3D3. >=20 >=20 > $ cat flexi4.c=20 > #include > #include > #include > #include >=20 > struct s { > size_t n; > union { > ptrdiff_t off[0]; > char data[0]; > }; > }; >=20 > int > main(void) > { > char *p; > struct s *s; >=20 > s =3D malloc(offsetof(struct s, off) + > sizeof(ptrdiff_t) * 2 + > sizeof("foobar") + sizeof("baz")); >=20 > s->n =3D 2; > p =3D s->data + sizeof(ptrdiff_t) * s->n; >=20 > s->off[0] =3D p - s->data; > p =3D stpcpy(p, "foobar") + 1; > s->off[1] =3D p - s->data; > p =3D stpcpy(p, "baz") + 1; >=20 > puts(s->data + s->off[0]); > puts(s->data + s->off[1]); >=20 > free(s); > } > $ gcc-13 -Wall -Wextra -Werror -fanalyzer \ > -fsanitize=3Dundefined -fsanitize=3Daddress \ > -D_FORTIFY_SOURCE=3D3 -fstrict-flex-arrays=3D2 \ > flexi4.c=20 > $ ./a.out=20 > foobar > baz > $ gcc-13 -Wall -Wextra -Werror -fanalyzer \ > -fsanitize=3Dundefined -fsanitize=3Daddress \ > -D_FORTIFY_SOURCE=3D3 -fstrict-flex-arrays=3D3 \ > flexi4.c=20 > $ ./a.out=20 > flexi4.c:27:8: runtime error: index 0 out of bounds for type 'ptrdiff_t= [*]' > flexi4.c:29:8: runtime error: index 1 out of bounds for type 'ptrdiff_t= [*]' > flexi4.c:32:23: runtime error: index 0 out of bounds for type 'ptrdiff_= t [*]' > foobar > flexi4.c:33:23: runtime error: index 1 out of bounds for type 'ptrdiff_= t [*]' > baz >=20 >=20 > Would you allow flexible array members in unions? Is there any > strong reason to disallow them? >=20 > Currently, I get: >=20 > $ gcc-13 -Wall -Wextra -fanalyzer \ > -fsanitize=3Dundefined -fsanitize=3Daddress \ > -D_FORTIFY_SOURCE=3D3 -fstrict-flex-arrays=3D3 \ > flexi4-true.c=20 > flexi4-true.c:9:28: error: flexible array member in union > 9 | ptrdiff_t off[]; > | ^~~ > flexi4-true.c:10:28: error: flexible array member in union > 10 | char data[]; > | ^~~~ >=20 >=20 Currently, the Linux kernel has to go through some hoops due to this restriction: $ grepc -tm __DECLARE_FLEX_ARRAY * include/uapi/linux/stddef.h:42: #define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ struct { \ struct { } __empty_ ## NAME; \ TYPE NAME[]; \ } tools/include/uapi/linux/stddef.h:42: #define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ struct { \ struct { } __empty_ ## NAME; \ TYPE NAME[]; \ } $ grep -rnB2 __DECLARE_FLEX_ARRAY * | head include/uapi/rdma/rdma_user_rxe.h-153- __u32 reserved; include/uapi/rdma/rdma_user_rxe.h-154- union { include/uapi/rdma/rdma_user_rxe.h:155: __DECLARE_FLEX_ARRAY(__u8, inline= _data); include/uapi/rdma/rdma_user_rxe.h:156: __DECLARE_FLEX_ARRAY(__u8, atomic= _wr); include/uapi/rdma/rdma_user_rxe.h:157: __DECLARE_FLEX_ARRAY(struct rxe_s= ge, sge); -- include/uapi/scsi/scsi_netlink_fc.h-53- union { include/uapi/scsi/scsi_netlink_fc.h-54- __u32 event_data; include/uapi/scsi/scsi_netlink_fc.h:55: __DECLARE_FLEX_ARRAY(__u8, event= _data_flex); -- --=20 GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5 --------------ODGfmI8DPvK5LKVNRf9T2VGe-- --------------2CRBwjOtBWHmksfEls5c601Y Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIFAmRdF9YACgkQnowa+77/ 2zICaw/8DHzoqMkV/De7gZYVRUI5Q0sZl3IwHs1Q3RLlzrtCGMaUOBm959xbzxHT cBy2HtlSk9DOWN1xs44fcE0izfKSkBJvWZ0JVkIFfvl2XxqiPfaxLQv3P8dmgWMR 5opB7hccduhftrmHOrWzycdL6HX+eiaAgBave0T63GZuybT9YBj0j1X5NrYaqHjT xx9v5DZ/xd2yXZVdotRL1k4bZVGOLEii8EPcMWWU/EUxqCbxxQfllLK+gvevVG1t HVHT8S1iLGs1ZVsTTpc3rS9LsAWM8fJzH0YPzykqhSiFLiZ9aIjUtVjuYoA1vyWI +xuhfP7+wZ/2t/t1kN5yH+erpnozdTR/3h9oscpvWtvxPn5xEIYJwv3Q61FHEMXf tMozLGP1r/jPxoZ0xKqOQvR8knn4A3vWH4I7X/zsom+6m3VM/uenfMdumemP0AVH 3oU8Un0Z46VpRGnkHv+7ITDLTN8YN27yhaXurY6F+1kaEPhUot1ZvjSehLDTR6EL dC6BRnt7416M8MBgzUo7sOJAQJeAuundLhWnW4EU+qVtJP9Po7LGPrZ70v4F563m WgZHBgj0j+zC20bg1cYvNbUWuByXm7hzf4JSwj2k+Kb12zre+qrhprrgwon7CouD O3e90H//yCUD7lZEx3cdOK+qFwF0Pj4rUn+z+kWs2RW+PqzvT/s= =Hft4 -----END PGP SIGNATURE----- --------------2CRBwjOtBWHmksfEls5c601Y--