On Thu, Feb 26, 2015 at 12:59:08AM -0800, Martin Uecker wrote:
> > No, it is not bogus nor unnecessary.
> > This isn't about just real flexible arrays, but similar constructs,
> > C++ doesn't have flexible array members, nor C89, so people use the
> > GNU extension of struct S { ... ; char a[0]; } instead, or
>
> The GNU extension is still allowed, i.e. not instrumented with
> the patch.
>
> > use char a[1]; as the last member and still expect to be able to access
> > s->a[i] for i > 0 say on heap allocations etc.
>
> And this is broken code. I would argue that a user who uses the
> ubsan *expects* this to be diagnosed. Atleast I was surprised
> that it didn't catch more out-of-bounds accesses.
So can you explain what a C++ programmer can do portably? It has neither
flexible array members, nor without GNU extensions zero sized arrays.
If the array size is constant, perhaps turn the struct into a template,
but if it is variable? Ditto for C89 code.
The amount of code that uses this idiom in the wild is huge.
Jakub
