https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832

--- Comment #4 from Kees Cook <kees at outflux dot net> ---
It seems like this isn't about crossing field boundaries -- it's asking "how
large is this particular member?" and bos can't know the answer because there
is a flex-array.

Why would 

    __builtin_object_size(wrap->msg.nlmsg_content, 1);

and

    __builtin_object_size(&wrap->msg, 1);

differ?


Or, if bos lacked "introspection depth" to find the flex-array, why would

    __builtin_object_size(msg->nlmsg_content, 1);

and

    __builtin_object_size(msg, 1);

be the same?


It seems like the latter pair (same results) is correct, and the former pair
(differing result) is wrong.
