From: "Elias Åström" <ryvnf@riseup.net>
To: gcc@gcc.gnu.org
Subject: More relaxed -Wvla option (allowing VLA pointers)
Date: Thu, 19 Sep 2019 19:40:00 -0000 [thread overview]
Message-ID: <904e09370dd617e23679ee02ed20d75c@riseup.net> (raw)
Hi!
Some projects (most notably the linux-kernel) choose to use -Wvla to
warn on
usage of variable length array. The primary reason is usually that it
can
cause stack overflows if the programmer isn't careful, which introduces
a
security vulnerability.
I think an overlooked advantage of VLA's is the ability to create
indexable
multi-dimensional arrays with run-time sizes. These arrays doesn't have
to be
allocated on the stack, they can also be pointers to head-allocated
memory.
VLA's can also be useful to document preconditions on array-sizes in
function-prototypes.
I would like to suggest an option to warn against creating VLA objects
on the
stack, but not for VLA-pointers. When that is enabled the following
scenarios
will not emit warnings:
Scenario 1. Using decayed pointers from VLA's in function parameters
int sum(int n, int a[n]);
Scenario 2. Using pointers and manipulating pointers to VLA objects
float (*matrix1)[n][m] = malloc(sizeof *matrix);
float (*matrix2)[m] = malloc(n * sizeof *matrix);
While creating a VLA object on stack would still emit a warning:
int f(int n) {
int a[n]; // warning for creating a VLA object on the stack
}
Also note that scenario 1 can occur when including header files from a
library
that uses VLA's in function prototypes to annotate dynamic array sizes.
I
personally would like to see more libraries use C99 VLA's to annotate
array
sizes in function prototypes, but it would be annoying if that makes
them
unusable with "-Wvla".
I think this could either be an entirely new option, maybe called
"-Wvla-stack". Or an option to use in combination with -Wvla, maybe
called
"-Wno-vla-pointer" which has the same behavior when used like
"-Wvla -Wno-vla-pointer".
Just thought this would preserve many of the advantages of VLA's for
software
projects hesitant to enable VLAs completely to avoid stack smashing.
You may
implement it if you want, but I would be glad if you would consider it.
Regards,
Elias Åström
reply other threads:[~2019-09-19 19:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=904e09370dd617e23679ee02ed20d75c@riseup.net \
--to=ryvnf@riseup.net \
--cc=gcc@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).