Re: [RFC][PATCH v1 0/4] Allow flexible array members in unions and alone in structures [PR53548]

2024-04-19 Thread Kees Cook
On Fri, Apr 19, 2024 at 06:43:13PM +, Qing Zhao wrote:
> Therefore, GCC needs to explicitly allow such extensions directly for C99
> flexible arrays, since flexible array members in unions or alone in structs
> are common code patterns in active use by the Linux kernel (and other
> projects).

Thank you for fixing this! :) This will make conversions much much
easier for the Linux kernel (and future userspace programs).

I've tested these patches and everything behaves like I'd expect.

-Kees

-- 
Kees Cook


[RFC][PATCH v1 0/4] Allow flexible array members in unions and alone in structures [PR53548]

2024-04-19 Thread Qing Zhao
Hi,

The request for GCC to accept that the C99 flexible array member can be
in a union or alone in a struct was made a long time ago, around 2012,
to support several practical cases including glibc.

A GCC PR was opened for this request at that time:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548

However, this PR was closed as WONTFIX around 2015 due to the following reason:

"there is an existing extension that makes the requested functionality possible"
i.e., GCC has fully supported zero-length arrays in unions or alone
in structs for a long time (though I didn't see any official documentation on
such an extension).

It was reasonable to close PR53548 at that time since the zero-length array
extension can be used for such a purpose.

However, since GCC 13, in order to improve C/C++ security, we introduced
-fstrict-flex-arrays=n to gradually eliminate "fake flexible array"
usages from C/C++ source code. As a result, zero-length arrays will eventually
be replaced by C99 flexible array members completely.

Therefore, GCC needs to explicitly allow such extensions directly for C99
flexible arrays, since flexible array members in unions or alone in structs
are common code patterns in active use by the Linux kernel (and other projects).

For example, these do not error by default with GCC:

    union one {
        int a;
        int b[0];               /* zero-length array */
    };

    union two {
        int a;
        struct {
            struct { } __empty;
            int b[];            /* C99 flexible array member */
        };
    };

But these do:

    union three {
        int a;
        int b[];                /* flexible array member directly in a union */
    };

    struct four {
        int b[];                /* flexible array member alone in a struct */
    };

Clang has supported such extensions since March 2024:
https://github.com/llvm/llvm-project/pull/84428

GCC should also support such extensions. This will allow for
a seamless transition for code bases away from zero-length arrays without
losing existing code patterns. 

The patch set includes:

  1. Documentation change.
     Allow flexible array members in unions and alone in structures
     [PR53548]
  2. C and C++ FE changes to support flexible array members in unions and
     alone in structures.
  3. Add testing cases for flexible array members in unions and alone in
     structures.
  4. Adjust testcases for flexible array member in union and alone in
     structure extension.
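
An added example, not part of the original message or the patch set: the "union two" workaround above, used to overlay two C99 flexible-array views of one payload, with the allocation size and each access checked against the stored length. The macro FLEX_IN_UNION, struct record and both functions are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical macro modelled on "union two": an anonymous struct with an
 * empty member lets a C99 flexible array sit inside a union. */
#define FLEX_IN_UNION(type, name) \
    struct { struct { } empty_##name; type name[]; }

/* Constructed record: one payload, viewed as bytes or as 32-bit words. */
struct record {
    uint32_t len;                       /* payload size in bytes */
    union {
        FLEX_IN_UNION(uint8_t, bytes);
        FLEX_IN_UNION(uint32_t, words);
    };
};

/* Allocate a zeroed record with len payload bytes; NULL on failure. */
struct record *record_alloc(uint32_t len)
{
    size_t base = offsetof(struct record, bytes);
    if ((size_t)len > SIZE_MAX - base)  /* size computation would wrap */
        return NULL;
    struct record *r = calloc(1, base + len);
    if (r) r->len = len;
    return r;
}

/* Bounds-checked read via the words view: 0 on success, -1 if out of range. */
int record_get_word(const struct record *r, size_t idx, uint32_t *out)
{
    if (idx >= r->len / sizeof(uint32_t))
        return -1;
    *out = r->words[idx];
    return 0;
}

int main(void)
{
    struct record *r = record_alloc(8);
    uint32_t w = 0;
    if (!r) return 1;
    memset(r->bytes, 0xFF, r->len);     /* fill through the bytes view */
    int ok = record_get_word(r, 1, &w) == 0 && record_get_word(r, 2, &w) == -1;
    free(r);
    return ok ? 0 : 1;
}
```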