caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
05727d94de75e2e98e6ae37c36aeb4f6ca6b2aed
clang-p2996/clang/test/Sema/array-bounds-ptr-arith.c
Bill Wendling 7f93ae8086 [clang] Implement -fstrict-flex-arrays=3 
The -fstrict-flex-arrays=3 is the most restrictive type of flex arrays.
No number, including 0, is allowed in the FAM. In the cases where a "0"
is used, the resulting size is the same as if a zero-sized object were
substituted.

This is needed for proper _FORTIFY_SOURCE coverage in the Linux kernel,
among other reasons. So while the only reason for specifying a
zero-length array at the end of a structure is for specify a FAM,
treating it as such will cause _FORTIFY_SOURCE not to work correctly;
__builtin_object_size will report -1 instead of 0 for a destination
buffer size to keep any kernel internals from using the deprecated
members as fake FAMs.

For example:

  struct broken {
      int foo;
      int fake_fam[0];
      struct something oops;
  };

There have been bugs where the above struct was created because "oops"
was added after "fake_fam" by someone not realizing. Under
__FORTIFY_SOURCE, doing:

  memcpy(p->fake_fam, src, len);

raises no warnings when __builtin_object_size(p->fake_fam, 1) returns -1
and may stomp on "oops."

Omitting a warning when using the (invalid) zero-length array is how GCC
treats -fstrict-flex-arrays=3. A warning in that situation is likely an
irritant, because requesting this option level is explicitly requesting
this behavior.

Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836

Differential Revision: https://reviews.llvm.org/D134902
2022-10-27 10:50:04 -07:00

60 lines
1.9 KiB
C
Raw Blame History

// RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s
// RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=0
// RUN: %clang_cc1 -verify=expected,strict -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=2
// RUN: %clang_cc1 -verify=expected,strict -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=3
// Test case from PR10615
struct ext2_super_block{
unsigned char s_uuid[8]; // expected-note {{declared here}}
int ignored; // Prevents "s_uuid" from being treated as a flexible array
// member.
};
void* ext2_statfs (struct ext2_super_block *es,int a) {
return (void *)es->s_uuid + sizeof(int); // no-warning
}
void* broken (struct ext2_super_block *es,int a) {
return (void *)es->s_uuid + 9; // expected-warning {{the pointer incremented by 9 refers past the end of the array (that has type 'unsigned char[8]')}}
}
// Test case reduced from PR11594
struct S {
int n;
};
void pr11594(struct S *s) {
int a[10];
int *p = a - s->n;
}
// Test case reduced from <rdar://problem/11387038>. This resulted in
// an assertion failure because of the typedef instead of an explicit
// constant array type.
struct RDar11387038 {};
typedef struct RDar11387038 RDar11387038Array[1];
struct RDar11387038_Table {
RDar11387038Array z; // strict-note {{array 'z' declared here}}
};
typedef struct RDar11387038_Table *TPtr;
typedef TPtr *TabHandle;
struct RDar11387038_B {
TabHandle x;
};
typedef struct RDar11387038_B RDar11387038_B;
void radar11387038(void) {
RDar11387038_B *pRDar11387038_B;
struct RDar11387038 *y = &(*pRDar11387038_B->x)->z[4]; // strict-warning {{array index 4 is past the end of the array (that has type 'struct RDar11387038[1]')}}
}
void pr51682(void) {
int arr[1];
switch (0) {
case 0:
break;
case 1:
asm goto("" ::"r"(arr[42] >> 1)::failed);
break;
}
failed:;
}
Reference in New Issue View Git Blame Copy Permalink