On Tue, Dec 20 2022, Todd C. Miller <mill...@openbsd.org> wrote: > On Tue, 20 Dec 2022 23:44:08 +0100, Patrick Wildt wrote: > >> clang complains when the function is declared with a fixed array size in >> a parameter while the prototype is unbounded, like this: >> >> /usr/src/sys/net/pf.c:4353:54: error: argument 'sns' of type 'struct pf_src_n >> ode *[4]' with mismatched bound [-Werror,-Warray-parameter] >> struct pf_rule_actions *act, struct pf_src_node *sns[PF_SN_MAX]) >> ^ >> /usr/src/sys/net/pf.c:203:28: note: previously declared as 'struct pf_src_nod >> e *[]' here >> struct pf_src_node *[]); >> ^ >> 1 error generated. >> >> We have a few of that, and was wondering what the better solution is. >> clang apparently accepts using * instead of []. The alternative would >> be to hardcode the size in the prototype as well. Here's a diff for >> a three files for the first version, as example. > > Using * instead of [] is the saner approach. Hard-coding the sizes > into the prototype seems like a bad idea, even if clang is now smart > enough to complain about a mismatch.
At first I went with this approach: https://github.com/jcourreges/openbsd-src/commit/b24dd00848e30977d1aed7404afe9455aff0c9dc but the full kernel diff to add the sizes to the declaration is short, as the size is either hardcoded in the same file or hidden behind a define in scope: https://github.com/jcourreges/openbsd-src/commit/4862df383ccb8a8e03d5c11b4fb739b6a3a5a7c7 Sadly making the size available in the declaration doesn't seem to be clang any smarter (yet?). clang won't warn about passing the address of array[10] to a function which access array[15] or so. I don't care much about the direction we end up using, but specifying the size in the declaration isn't insane. We seldom pass a pointers to a buffer without an accompanying buffer length. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
