[PATCH] D134902: [clang] Implement -fstrict-flex-arrays=3

Kees Cook via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Oct 10 23:06:33 PDT 2022


kees added a comment.

In D134902#3848595 <https://reviews.llvm.org/D134902#3848595>, @serge-sans-paille wrote:

> I second the opinion here. C99 says nothing about flexible array members for unions; that's already a "language extension" (and so not to be considered as a FAM by `-fstrict-flex-arrays=3`).

To be super pedantic, C99 implies a FAM in a union is illegal. 6.7.2.1.16 says "As a special case, the last element of a structure with more than one named member may have an incomplete array type; this is called a flexible array member." The implication is that such a state ("more than one named member") isn't possible in a union.

But in real-world usage, this definition isn't useful and flies in the face of actual (fake) FAM usage. Having fake FAMs in unions is _very_ common in the Linux kernel, and they even appear alone in structs. There is no pragmatic reason for the C99 limitation, and it's needlessly enforced only for "real" FAMs. But this is a separate issue we can solve separately.

> Both GCC and Clang implement that extension for array of size 0 and 1, see https://godbolt.org/z/1xYMYq75s. That's the *legacy* behavior of Clang.
>
> We may want to harmonize with struct behavior (for consistency etc.) but I'd advocate to do so in a separate patch.

I just want to repeat for clarity: this isn't about union vs struct. This is about UBSAN vs not. Here is the same behavior, shown with a struct:
https://godbolt.org/z/4TbWYP4f9
Clang's `-fsanitize=array-bounds` is misbehaving.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D134902/new/

https://reviews.llvm.org/D134902
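
The declaration forms this thread distinguishes, as an added C example that is not part of the original message or of the LLVM patch: a C99 `[]` flexible array member beside the size-0 and size-1 "fake" forms, with allocation sized from `offsetof` and reads checked against a stored count. All type and function names are constructed for illustration, and the `[0]` forms assume the GNU zero-length-array extension that GCC and Clang accept.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed declarations; all type and function names are illustrative. */
struct real_fam  { size_t len; int data[];  }; /* C99 FAM, the only form level 3 keeps */
struct fake_fam0 { size_t len; int data[0]; }; /* GNU zero-length "fake" FAM */
struct fake_fam1 { size_t len; int data[1]; }; /* one-element "fake" FAM */
union  fake_fam_union { unsigned char bytes[0]; int words[0]; }; /* fake FAMs in a union */
struct fake_fam_alone { int data[0]; };        /* fake FAM alone in a struct */

/* Bytes of the trailing array (plus padding) that sizeof() already counts.
 * Zero for [] and [0] here; at least one element for [1], so sizing a buffer
 * as sizeof(hdr) + n * sizeof(elem) over-allocates for the [1] form. */
#define TAIL_COUNTED(T) (sizeof(T) - offsetof(T, data))
size_t tail_counted_real(void)  { return TAIL_COUNTED(struct real_fam);  }
size_t tail_counted_fake0(void) { return TAIL_COUNTED(struct fake_fam0); }
size_t tail_counted_fake1(void) { return TAIL_COUNTED(struct fake_fam1); }

/* Allocate a header plus n zeroed trailing ints. Sizing from offsetof() gives
 * the same arithmetic for every declaration form. NULL on overflow or OOM. */
struct real_fam *real_fam_new(size_t n) {
    size_t base = offsetof(struct real_fam, data);
    if (n > (SIZE_MAX - base) / sizeof(int))
        return NULL;
    struct real_fam *p = calloc(1, base + n * sizeof(int));
    if (p)
        p->len = n;
    return p;
}

/* Read element i, checked against the stored count rather than the declared
 * array size, which is 0 or absent for a FAM. Returns 0 on success, -1 otherwise. */
int real_fam_get(const struct real_fam *p, size_t i, int *out) {
    if (!p || i >= p->len)
        return -1;
    *out = p->data[i];
    return 0;
}

int main(void) {
    struct real_fam *p = real_fam_new(4);
    int v = -1;
    int ok = p && real_fam_get(p, 3, &v) == 0 && real_fam_get(p, 4, &v) == -1;
    free(p);
    return ok ? 0 : 1;
}
```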


