> On Sep 10, 2024, at 14:09, Jakub Jelinek <ja...@redhat.com> wrote:
> 
> On Tue, Sep 10, 2024 at 06:02:45PM +0000, Qing Zhao wrote:
>>> #define alloc(P, FAM, COUNT) ({ \
>>> __auto_type __p = &(P); \
>>> __auto_type __c = (COUNT); \
>>> size_t __size = sizeof(*(*__p)) + sizeof(*(*__p)->FAM) * __c; \
> 
> Shouldn't that be
>  size_t __size = offsetof(__typeof(**__p), FAM) + sizeof(*(*__p)->FAM) * __c; \
> ?

Yeah, I think that the correct size computation should be:

#define MAX(A, B) (((A) > (B)) ? (A) : (B))
size_t __size = MAX (sizeof (*(*__p)), offsetof(__typeof(**__p), FAM) + \
                     sizeof(*(*__p)->FAM) * __c); \

Qing
 
 
> 
>>> if ((*__p = malloc(__size))) { \
>>>   __auto_type ret = __builtin_counted_by_ref((*__p)->FAM); \
>>>   *_Generic(ret, void *: &(size_t){0}, default: ret) = __c; \
>>> } \
>>> })
>>> 
>>> to have brackets around the macro arguments to avoid accidents,
>>> to reduce compile time due to multiple evaluation of the macro
>>> arguments, and to avoid warnings for the null pointer dereference
>>> on clang.
> 
> Jakub
> 

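The three size computations discussed in this thread, compared side by side in an added example (not code from the thread or from GCC). `struct msg` and all function names are constructed for illustration, and the overflow guard in `msg_alloc` is an addition the thread does not discuss.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed type: 'data' starts right after 'tag', inside what is
   trailing padding of the struct, so offsetof(data) < sizeof(struct msg). */
struct msg {
    size_t count;
    char   tag;
    char   data[];          /* flexible array member, 'count' elements */
};

/* First form quoted in the thread: sizeof(struct) + elements.
   Always large enough, but over-allocates by the trailing padding. */
static size_t size_sizeof(size_t n) {
    return sizeof(struct msg) + sizeof(char) * n;
}

/* offsetof form: exact for large n, but for small n the result is
   smaller than sizeof(struct msg), so a whole-struct copy or
   memset(p, 0, sizeof *p) would run past the allocation. */
static size_t size_offsetof(size_t n) {
    return offsetof(struct msg, data) + sizeof(char) * n;
}

/* MAX form: never smaller than the struct, never larger than needed. */
static size_t size_max(size_t n) {
    size_t a = sizeof(struct msg), b = size_offsetof(n);
    return a > b ? a : b;
}

/* Allocate with the MAX form and record the element count. */
static struct msg *msg_alloc(size_t n) {
    if (n > (SIZE_MAX - offsetof(struct msg, data)) / sizeof(char))
        return NULL;        /* size computation would wrap around */
    struct msg *m = calloc(1, size_max(n));
    if (m) m->count = n;
    return m;
}

int main(void) {
    printf("sizeof=%zu offsetof(data)=%zu\n",
           sizeof(struct msg), offsetof(struct msg, data));
    for (size_t n = 0; n <= 16; n += 4)
        printf("n=%2zu sizeof-form=%zu offsetof-form=%zu max-form=%zu\n",
               n, size_sizeof(n), size_offsetof(n), size_max(n));
    return 0;
}
```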