kees added a comment.

Example of the bug I want to block:

  struct foo {
      int stuff;
      u32 data[0];
  };
  
  struct foo *deserialize(u8 *str, int len)
  {
      struct foo *instance;
      size_t bytes;
  
      /* BUG: sizeof(instance->data) is 0 for a zero-length array */
      bytes = sizeof(*instance) + sizeof(instance->data) * (len / sizeof(u32));
      instance = kmalloc(bytes, GFP_KERNEL);
      if (!instance)
          return NULL;
      memcpy(instance->data, str, len);
      return instance;
  }

This contains a catastrophic one-character bug (should be 
`sizeof(*instance->data)`) that will only be encountered at runtime when the 
memcpy runs past the end of the allocation. It could have been caught at 
build-time if the flex-array extensions were disabled; without 
`-fstrict-flex-arrays=3` I have no way to block these (or similar) sneaking 
back into the kernel by way of old (or new) userspace APIs. :( So actually, 
even with `#pragma`, we could still trip over this. Please leave the `=3` mode.

https://godbolt.org/z/dexd3a4Y8


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D126864/new/

https://reviews.llvm.org/D126864

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
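The following is an added userspace example, not part of the review comment above and not kernel code. It puts the zero-length-array struct from the comment beside a C99 flexible-array-member version and shows in numbers why `sizeof(instance->data)` under-allocates while `sizeof(*instance->data)` does not. On a true flexible array member, `sizeof(instance->data)` is a compile error (incomplete type), which is the build-time catch the comment is after. The `deserialize_fixed` function, the `foo_zla`/`foo_fam` names, the use of `calloc` in place of `kmalloc`, and the sample input are assumptions of this example; it also rejects a length that is not a whole number of `u32` elements, since `len / sizeof(u32)` truncation would otherwise still leave `memcpy` writing past the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint8_t u8;
typedef uint32_t u32;

/* Layout from the comment: GNU zero-length array, sizeof(data) == 0. */
struct foo_zla {
    int stuff;
    u32 data[0];
};

/* Same layout with a C99 flexible array member; sizeof(data) does not compile. */
struct foo_fam {
    int stuff;
    u32 data[];
};

/* Allocation size the buggy expression yields: the zero-length array adds 0. */
size_t buggy_alloc_size(size_t len)
{
    struct foo_zla *instance = NULL;  /* only used inside sizeof (unevaluated) */
    return sizeof(*instance) + sizeof(instance->data) * (len / sizeof(u32));
}

/* Allocation size the corrected expression yields: element size, not array size. */
size_t fixed_alloc_size(size_t len)
{
    struct foo_fam *instance = NULL;  /* sizeof(instance->data) would be a compile error here */
    return sizeof(*instance) + sizeof(*instance->data) * (len / sizeof(u32));
}

/* Bytes that memcpy(instance->data, str, len) writes past an allocation of 'alloc' bytes. */
size_t bytes_past_end(size_t alloc, size_t len)
{
    size_t needed = offsetof(struct foo_fam, data) + len;
    return needed > alloc ? needed - alloc : 0;
}

/* Hypothetical hardened deserialize (userspace stand-in; calloc replaces kmalloc):
 * - len must be a non-zero whole number of u32 elements, so truncation in
 *   len / sizeof(u32) can never leave memcpy writing past the end;
 * - the size arithmetic is guarded against wrap-around;
 * - the allocation is sized by exactly what memcpy will write. */
struct foo_fam *deserialize_fixed(const u8 *str, size_t len)
{
    struct foo_fam *instance;
    size_t bytes;

    if (len == 0 || len % sizeof(u32) != 0)
        return NULL;
    if (len > SIZE_MAX - sizeof(*instance))
        return NULL;
    /* Same value as sizeof(*instance) + sizeof(*instance->data) * (len / sizeof(u32)). */
    bytes = sizeof(*instance) + len;
    instance = calloc(1, bytes);
    if (!instance)
        return NULL;
    memcpy(instance->data, str, len);
    return instance;
}

/* Constructed sample payload: two u32 elements, 8 bytes. */
static const u8 sample_payload[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };

int main(void)
{
    struct foo_fam *p = deserialize_fixed(sample_payload, sizeof(sample_payload));
    if (!p)
        return 1;
    /* With len == 16 the buggy size is just the header; memcpy overruns by 16 bytes. */
    size_t overrun = bytes_past_end(buggy_alloc_size(16), 16);
    free(p);
    return overrun == 16 ? 0 : 1;
}
```

Running the comparison for `len == 16`: the buggy expression allocates only `sizeof(int)` bytes and `memcpy` overruns by the full 16; the corrected expression allocates `sizeof(int) + 16`. For `len == 6`, even the corrected expression under-allocates by 2 bytes because `6 / 4` truncates to 1, which is why `deserialize_fixed` rejects lengths that are not a multiple of `sizeof(u32)`.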