When the last element of a structure is an array, __builtin_object_size always assumes it is a flexible array no matter the length. For example, the below code compiled with '-O2' in 4.5.0 gives an unexpected length in 'a', 'b', 'd', and 'f'. At a minimum, it is expected that 'a' and 'd' should return 40 since 'e' is returning 40. It is debatable if 'b' and 'f' should return 40 or the remaining size of the malloced memory.
```c
#include <stdio.h>
#include <stdlib.h>   /* for malloc */

struct bar0 { char c[40]; };            /* array is the last (only) member */
struct bar1 { char c[40]; char d[40]; }; /* 'c' is followed by 'd', 'd' is last */
struct bar *bp;

int main()
{
    struct bar0 *b0;
    struct bar0 *b0m = malloc(200);
    struct bar1 *b1;
    struct bar1 *b1m = malloc(200);

    /* mode 3: size of the closest enclosing subobject, minimum estimate */
    printf("%zu\n", __builtin_object_size(b0->c, 3));  // a. Returned 0, expected 40
    printf("%zu\n", __builtin_object_size(b0m->c, 3)); // b. Returned 200, expected 40 or 200
    printf("%zu\n", __builtin_object_size(b1->c, 3));  // c. Returned 40, expected 40
    printf("%zu\n", __builtin_object_size(b1->d, 3));  // d. Returned 0, expected 40
    printf("%zu\n", __builtin_object_size(b1m->c, 3)); // e. Returned 40, expected 40
    printf("%zu\n", __builtin_object_size(b1m->d, 3)); // f. Returned 160, expected 40 or 160
    return 0;
}
```

--
Summary: __builtin_object_size assumes a flexible array for a long array in a structure of known length
Product: gcc
Version: 4.5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: meklund at cisco dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44386
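The practical consequence of the behaviour in this report is that fortified memcpy/strcpy (which rely on __builtin_object_size) cannot bound writes into a trailing array such as bar1.d. The following is an added example, not part of the report, showing an explicit check derived from the declared member size; the names copy_into_d, compiler_bound_of_d and MEMBER_SIZE are assumed here, and the value the builtin reports depends on the compiler and optimisation level.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same layout as in the report: 'd' is the trailing array that
 * __builtin_object_size may treat as flexible. */
struct bar1 {
    char c[40];
    char d[40];
};

/* Bound taken from the declared type, independent of __builtin_object_size.
 * sizeof is evaluated at compile time; the null pointer is never dereferenced. */
#define MEMBER_SIZE(type, member) sizeof(((type *)0)->member)

/* Copy 'len' bytes into b->d, refusing anything past the declared 40 bytes.
 * Returns 1 on success, 0 if the copy was rejected. */
int copy_into_d(struct bar1 *b, const char *src, size_t len)
{
    if (len > MEMBER_SIZE(struct bar1, d))
        return 0;
    memcpy(b->d, src, len);
    return 1;
}

/* What the compiler believes the bound of b->d is (mode 1: closest enclosing
 * subobject). A value above 40, or (size_t)-1, means a fortified memcpy into
 * 'd' would not catch an overflow here. */
size_t compiler_bound_of_d(struct bar1 *b)
{
    return __builtin_object_size(b->d, 1);
}

int main(void)
{
    struct bar1 b;
    char big[64];                      /* constructed input, 64 bytes of 'A' */
    memset(big, 'A', sizeof big);
    printf("copy 40 accepted: %d\n", copy_into_d(&b, big, 40));
    printf("copy 64 accepted: %d\n", copy_into_d(&b, big, 64));
    printf("compiler bound of d: %zu\n", compiler_bound_of_d(&b));
    return 0;
}
```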