On Thu, Feb 09, 2023 at 02:40:57PM +0000, Qing Zhao wrote:
> So, the major question here is:
>
> in addition to the C99 standard flexible array member [ ], shall we include
> [0], [1] or even [4] into this extension, and treat the structure with a
> trailing [0], [1], or [4] embedded into another structure/union still as
> flexible-sized?
>
> I think that we might need to limit this extension ONLY to C99 standard FAM [ ].
> All other [0], [1], or [4] should be excluded from this extension. The
> reasons are:
>
> 1. The real usages of such GCC extension (embedding a structure with FAM into
> another structure/union), to my understanding, the old glibc's <_G_config.h>
> (https://gcc.gnu.org/legacy-ml/gcc-patches/2002-08/msg01149.html), and the
> bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832, ONLY involved C99
> standard FAM;
>
> 2. Embedding a structure with C99 FAM [] into the end of another structure,
> and still treating it as flexible-sized, might have more usages, and as discussed
> with Kees, it might be reasonable to promote this into a C standard later if
> needed.
>
> So, based on this consideration, I think I should only document the following
> as a GCC extension:
>
> struct flex { int length; char data[ ]; };
> struct out_flex { int m; struct flex flex_data; };
>
> Issue warnings for the following: (when the structure is not at the end)
>
> struct out_flex_mid { struct flex flex_data; int m; };
>
> However, for the trailing [0], [1], or [4], when such a structure is embedded into
> the end of another structure, we should NOT treat the outer structure as
> flexible-sized.
> Logically, we will NOT issue warnings when such a structure is not at the end.
>
> Let me know if you have any comments or suggestions.
FWIW this all sounds correct to me.

-- 
Kees Cook
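The distinction Qing Zhao draws above, as an added C example that is not part of this thread: `struct out_flex` keeps the inner C99 FAM flexible (its storage must be added at allocation time, computed from the offset of the trailing array), whereas a trailing `[4]` is already counted in `sizeof` of the outer structure. The `out_fixed4` type and the helper functions are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Structure with a C99 flexible array member (the case the extension covers). */
struct flex { int length; char data[]; };

/* GCC extension: a FAM structure embedded at the END of another structure;
   the outer structure is still treated as flexible-sized. */
struct out_flex { int m; struct flex flex_data; };

/* Constructed counterpart: a trailing [4] is a fixed-size array, not a FAM,
   so the outer structure is NOT flexible-sized. */
struct fixed4 { int length; char data[4]; };
struct out_fixed4 { int m; struct fixed4 fixed_data; };

/* Bytes needed for an out_flex whose inner data[] holds n chars.
   sizeof(struct out_flex) contributes no data[] storage, so the size
   must be derived from the offset of the trailing array. */
size_t out_flex_alloc_size(size_t n) {
    return offsetof(struct out_flex, flex_data.data) + n;
}

/* Allocate and fill an out_flex with n bytes copied from src. */
struct out_flex *out_flex_new(int m, const char *src, size_t n) {
    struct out_flex *p = malloc(out_flex_alloc_size(n));
    if (!p) return NULL;
    p->m = m;
    p->flex_data.length = (int)n;
    memcpy(p->flex_data.data, src, n);
    return p;
}

/* Round-trip check on constructed input; returns 1 on success, 0 otherwise. */
int out_flex_roundtrip(void) {
    struct out_flex *p = out_flex_new(7, "abc", 3);
    if (!p) return 0;
    int ok = p->m == 7 && p->flex_data.length == 3 &&
             memcmp(p->flex_data.data, "abc", 3) == 0;
    free(p);
    return ok;
}

/* For the fixed-size variant, sizeof already includes the 4 data bytes. */
size_t out_fixed4_size(void) { return sizeof(struct out_fixed4); }
```

Because `sizeof(struct out_flex)` excludes the trailing array, a length computed from the embedded `length` field rather than from `sizeof` is what keeps the copy into `flex_data.data` in bounds.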