M, 1) where M ends with a flex-array behaves like sizeof()

kees at outflux dot net via Gcc-bugs Mon, 09 Aug 2021 10:01:41 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832


            Bug ID: 101832
           Summary: __builtin_object_size(P->M, 1) where M ends with a
                    flex-array behaves like sizeof()
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: kees at outflux dot net
  Target Milestone: ---

Created attachment 51279
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51279&action=edit
bos1 fails to recognize flex array under specific conditions

It is unclear to me if this is a duplicate of bug 64715.

bos1 in at least one situation fails to notice when a member contains a
flex-array, and returns sizeof() instead of -1. For example:

struct nlmsg {
        __u32           nlmsg_len;
        __u16           nlmsg_type;
        __u16           nlmsg_flags;
        __u32           nlmsg_seq;
        __u32           nlmsg_pid;
        __u8            nlmsg_content[];
};

struct wrapper {
    __u8 a;
    __u8 b;
    struct nlmsg msg;
};


ok:  sizeof(wrap->msg) == 16
ok:  __builtin_object_size(wrap->msg.nlmsg_content, 1) == -1
ok:  __builtin_object_size(&wrap->msg, 0) == -1
WAT: __builtin_object_size(&wrap->msg, 1) == 16 (expected -1)

https://godbolt.org/z/95n4ofT53

[Bug c/101832] New: __builtin_object_size(P->M, 1) where M ends with a flex-array behaves like sizeof()

Reply via email to