From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=udnH=BB=gmail.com=richard.guenther@sourceware.org>
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c])
	by sourceware.org (Postfix) with ESMTPS id A86913857725
	for <gcc@gcc.gnu.org>; Fri, 12 May 2023 06:16:42 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A86913857725
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-lj1-x22c.google.com with SMTP id 38308e7fff4ca-2ac7462d9f1so103927151fa.2
        for <gcc@gcc.gnu.org>; Thu, 11 May 2023 23:16:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1683872201; x=1686464201;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=DQ77bbYOBWbR7855TOK9Zt3KrUSpo4NHUCHmgDZJ62g=;
        b=bgpGGfeumObtoP7a/yB2giMOv9pHEzoAkvIbr/h8DJKZp4A37byiGtjyf8SmVR5ZgI
         5KBM+r/oiJQDUgrXZfg6mWGiqVZgBwkJPdXowy3dGTjk03/mIR7KtQEFo6j4S90Ygn20
         p/BWUPicfqIMynVsqfTcHoYmXJ/yaNnLiLJnPhyxtFY/PqXKHjPwkTR+EKzQObHElcaa
         9o0XeE3cO8m6ECwl8VEXma/uFQ+3Zug7n2kS/g1SrA5sOAjHpDhcYD4zT8603ZqpX+4w
         XW1HLA79sQVhqhnJEfcy1/9+Pl5QdCmMyElnPU/Lwa3zAm21k69KYFbWSc+TlADaZBqc
         ZW1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683872201; x=1686464201;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=DQ77bbYOBWbR7855TOK9Zt3KrUSpo4NHUCHmgDZJ62g=;
        b=ZqDIA8SpvvL4FemFTa3kv2XbaC9LM4cvJbTXxv6GMC2jx4jrfc56ZY8Hg1pMmYHLJE
         od3hLTzbRfwHG1gS5tUWa5WjX8f1cKY+zQwgliswHHEBwXI1qgUNxPAicLTgb3mAWhzx
         mQplkas5mx+lUl8zVw05jgZsojGejU/HwKDyaXVtGFsveilb/bbHS10YNDlj6DnarBbV
         7N9+7/hfQjgDwzBF7V+TV+MSvBzO22xvJdO4s1kPsxvTsJXTY/FqOE6ucJM0dEzGYAqm
         UHn+w3NvHAwjUBpexMggjhDGdnobyyJ+HS2DLCytZ8TUJ92LTJyMFDpXT5dMJTaZpTbS
         GYtg==
X-Gm-Message-State: AC+VfDy+RyAkB9r7uxOEBeU0azWVKdm4rK73BS1rF99qdvHm8Jog4RXs
	gv5LxAZlHA31Y5OkiTLUrgaCFsScQHgbUbwXhY8=
X-Google-Smtp-Source: ACHHUZ5plYpWjO+/pyDX4RwMVfN3iwmYFpQptQPC23Uer5jM/pVdRAQPSCrtf/r5JHqVL3kPDNSxlPFfsuPX+PMLV/E=
X-Received: by 2002:a05:651c:82:b0:2a8:ba49:a811 with SMTP id
 2-20020a05651c008200b002a8ba49a811mr3547726ljq.25.1683872200850; Thu, 11 May
 2023 23:16:40 -0700 (PDT)
MIME-Version: 1.0
References: <ac2550e0-2f5c-3680-08e6-0c224d043036@gmail.com>
 <44940599-7b43-99f6-5b09-4f050d645c7b@gmail.com> <202305111158.C78642624@keescook>
 <74ee73d2-04e-ea8-9430-93929446e925@codesourcery.com> <202305111410.CFE0875F@keescook>
In-Reply-To: <202305111410.CFE0875F@keescook>
From: Richard Biener <richard.guenther@gmail.com>
Date: Fri, 12 May 2023 08:16:28 +0200
Message-ID: <CAFiYyc1JRm6gm8aw2ZQmcycN3AF3hu5wjwGeUgDCN6gRN7UbbA@mail.gmail.com>
Subject: Re: [wish] Flexible array members in unions
To: Kees Cook <keescook@chromium.org>
Cc: Joseph Myers <joseph@codesourcery.com>, Alejandro Colomar <alx.manpages@gmail.com>, 
	GCC <gcc@gcc.gnu.org>, Alejandro Colomar <alx@nginx.com>, Andrew Clayton <a.clayton@nginx.com>, 
	Andrew Clayton <andrew@digital-domain.net>, linux-hardening@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc.gcc.gnu.org>

On Thu, May 11, 2023 at 11:14=E2=80=AFPM Kees Cook via Gcc <gcc@gcc.gnu.org=
> wrote:
>
> On Thu, May 11, 2023 at 08:53:52PM +0000, Joseph Myers wrote:
> > On Thu, 11 May 2023, Kees Cook via Gcc wrote:
> >
> > > On Thu, May 11, 2023 at 06:29:10PM +0200, Alejandro Colomar wrote:
> > > > On 5/11/23 18:07, Alejandro Colomar wrote:
> > > > [...]
> > > > > Would you allow flexible array members in unions?  Is there any
> > > > > strong reason to disallow them?
> > >
> > > Yes please!! And alone in a struct, too.
> > >
> > > AFAICT, there is no mechanical/architectural reason to disallow them
> > > (especially since they _can_ be constructed with some fancy tricks,
> > > and they behave as expected.) My understanding is that it's disallowe=
d
> > > due to an overly strict reading of the very terse language that creat=
ed
> > > flexible arrays in C99.
> >
> > Standard C has no such thing as a zero-size object or type, which would
> > lead to problems with a struct or union that only contains a flexible
> > array member there.
>
> Ah-ha, okay. That root cause makes sense now.

Hmm. but then the workaround

struct X {
  int n;
  union u {
      char at_least_size_one;
      int iarr[];
      short sarr[];
  };
};

doesn't work either.  We could make that a GNU extension without
adverse effects?

Richard.

> Why are zero-sized objects missing in Standard C? Or, perhaps, the better
> question is: what's needed to support the idea of a zero-sized object?
>
> --
> Kees Cook