On Mon, Nov 10, 2014 at 12:20:03AM -0800, Martin Uecker wrote:
> There is also no warning in the following example
> when the array is the last element of a struct.
>
> struct h3 {
>     int i;
>     int j[3];
> };
>
> struct h3* h3 = malloc(sizeof(struct h) + 3 * sizeof(int));
> h3->j[4] = 1;
>
> I guess this is to avoid warnings for the 'struct hack', but why
> is this not limited to arrays with size 0 (and maybe 1) and
> flexible array members?

Because 0 or 1 are not the only ones recognized as poor man's flexible
array members, any trailing arrays are, whatever the constant is.
So it is very much intentional we don't warn above.

You haven't provided struct h definition, if you meant
offsetof(struct h3, j[0]) or similar instead, then I think
-fsanitize=undefined should diagnose this at runtime (and of course
-fsanitize=address too).

	Jakub
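
Added example, not part of the original message: because no compile-time warning is issued for indexes past a trailing array's declared bound, one way to keep such accesses in range is to declare a C99 flexible array member, size the allocation from offsetof as in the reply, and check every index against a stored element count. The names struct h3_fam, h3_alloc and h3_set are hypothetical.

```c
/* Added example, not code from the thread. struct h3_fam, h3_alloc
 * and h3_set are hypothetical names used for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct h3_fam {
    size_t n;   /* element count, tracked because the type carries no bound */
    int j[];    /* C99 flexible array member instead of a fixed j[3] */
};

/* Size the block from the offset of j, rejecting counts that would wrap. */
struct h3_fam *h3_alloc(size_t n)
{
    size_t base = offsetof(struct h3_fam, j);
    if (n > (SIZE_MAX - base) / sizeof(int))
        return NULL;
    size_t size = base + n * sizeof(int);
    if (size < sizeof(struct h3_fam))
        size = sizeof(struct h3_fam);
    struct h3_fam *p = calloc(1, size);
    if (p != NULL)
        p->n = n;
    return p;
}

/* Checked store: returns 0 on success, -1 if idx is outside the allocation. */
int h3_set(struct h3_fam *p, size_t idx, int value)
{
    if (p == NULL || idx >= p->n)
        return -1;
    p->j[idx] = value;
    return 0;
}

int main(void)
{
    struct h3_fam *p = h3_alloc(5);
    if (p == NULL)
        return 1;
    printf("j[4]: %d\n", h3_set(p, 4, 1));  /* inside the 5 allocated ints */
    printf("j[5]: %d\n", h3_set(p, 5, 1));  /* rejected by the check */
    free(p);
    return 0;
}
```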