bwendling wrote:

> After looking at the assembly produced by gcc more, it actually looks like
> it's using the allocation size if it's known in the current context (for
> example if the struct was just malloced in the same function) and otherwise
> returns INT_MAX for the __bdos of a struct containing a flexible array
> member. It's only returning the size based on the __counted_by attribute if
> you ask it for the __bdos of the flexible array member itself.
>
> ```c
> int test(struct posix_acl *acl) {
>     return __builtin_dynamic_object_size(acl, 0);
> }
> ```
>
> actually compiles to
>
> ```
> test:
>     mov eax, -1
>     ret
> ```
>
> using gcc (trunk) on compiler explorer.
I think this is because GCC hasn't (yet) modified their version of `__builtin_dynamic_object_size` to use the `counted_by` attribute. If you were to write code that intentionally modified beyond the FAM element, does GCC's sanitizer catch it?

https://github.com/llvm/llvm-project/pull/111015

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits