https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68270
            Bug ID: 68270
           Summary: Common pattern for variable sized data clashes with MPX
                    bound checks
           Product: gcc
           Version: 5.2.0
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jussi.judin at ericsson dot com
  Target Milestone: ---

A very common pattern due to pedantic C89, C90, and C++ compatibility is to
declare an array of size 1 when having a structure with a variable sized
member at the end. GCC's memory protection extensions, however, work in a way
that only zero/variable sized members are treated in such a way that their
bounds are not explicitly checked
(https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler#line-142).
This makes it impossible to use existing code with MPX checks without changes
that go through a large amount of header files that use this pattern of arrays
of size 1.

To demonstrate this issue, here are 3 different ways to indicate structures
with a variable sized array at the end of the structure:

typedef struct struktura1 {
    long len;
    char data[];
} struktura1;

typedef struct struktura2 {
    long len;
    char data[0];
} struktura2;

typedef struct struktura3 {
    long len;
    char data[1] __attribute__((bnd_variable_size));
} struktura3;

If we compile them with different standards and warning levels, we'll get
these kinds of results:

$ gcc-5.2.0 --std=c89 -pedantic tst.c
tst.c:3:10: warning: ISO C90 does not support flexible array members [-Wpedantic]
     char data[];
          ^
tst.c:8:10: warning: ISO C forbids zero-size array ‘data’ [-Wpedantic]
     char data[0];

$ gcc-5.2.0 -xc++ --std=c++14 -pedantic tst.c
tst.c:3:15: warning: ISO C++ forbids zero-size array ‘data’ [-Wpedantic]
     char data[];
               ^
tst.c:8:16: warning: ISO C++ forbids zero-size array ‘data’ [-Wpedantic]
     char data[0];

$ gcc-4.8 --std=c11 -pedantic tst.c
tst.c:8:10: warning: ISO C forbids zero-size array ‘data’ [-Wpedantic]
     char data[0];
          ^
tst.c:13:5: warning: ‘bnd_variable_size’ attribute directive ignored [-Wattributes]
     char data[1] __attribute__((bnd_variable_size));
     ^

Not to mention that a lot of code is compiled with compilers other than GCC
that don't know about the "bnd_variable_size" attribute, so making the code
shown above compatible with different compilers and also having MPX checks in
place requires some macro magic depending on which compiler is in use and
which standard the compilation is done against.

GCC should ignore or have an option to ignore bound checks for arrays of size
1 at the end of the structure so that just trying out MPX support wouldn't
need large scale changes to existing code bases.
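
One possible shape for the "macro magic" the report refers to, as an added example that is not code from the report or from GCC. The names TAIL_LEN, TAIL_ATTR and packet are hypothetical; the sketch assumes that a compiler without __has_attribute (such as the gcc-4.8 run above) should get no attribute at all, which avoids the "attribute directive ignored" warning.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* TAIL_LEN, TAIL_ATTR and packet are hypothetical names for this example. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
#  define TAIL_LEN   /* C99 and later: flexible array member, no attribute */
#  define TAIL_ATTR
#else
#  define TAIL_LEN 1 /* C89/C90 and C++: the size-1 idiom from the report */
#  if defined(__has_attribute)
#    if __has_attribute(bnd_variable_size)
#      define TAIL_ATTR __attribute__((bnd_variable_size))
#    endif
#  endif
#  ifndef TAIL_ATTR
#    define TAIL_ATTR /* attribute unknown to this compiler: emit nothing */
#  endif
#endif

typedef struct packet {
    long len;
    char data[TAIL_LEN] TAIL_ATTR;
} packet;

/* Allocate the header plus n payload bytes. offsetof() is used instead of
 * sizeof() so the size is the same for the [] and [1] layouts. */
static packet *packet_new(const char *src, size_t n)
{
    const size_t head = offsetof(packet, data);
    packet *p;
    if (n > (size_t)LONG_MAX || n > (size_t)-1 - head)
        return NULL;               /* len or the allocation size would overflow */
    p = (packet *)malloc(head + n);
    if (p == NULL)
        return NULL;
    p->len = (long)n;
    memcpy(p->data, src, n);
    return p;
}

int main(void)
{
    packet *p = packet_new("hello", 5); /* constructed sample payload */
    if (p == NULL)
        return 1;
    printf("%ld %.5s\n", p->len, p->data);
    free(p);
    return 0;
}
```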