[clang] [BoundsSafety] Allow 'counted_by' attribute on pointers in structs in C (PR #90786)
Bill Wendling via cfe-commits
cfe-commits at lists.llvm.org
Fri May 3 12:06:32 PDT 2024
================
@@ -6534,6 +6536,15 @@ def err_counted_by_attr_refer_to_union : Error<
"'counted_by' argument cannot refer to a union member">;
def note_flexible_array_counted_by_attr_field : Note<
"field %0 declared here">;
+def err_counted_by_attr_pointee_unknown_size : Error<
+ "'counted_by' cannot be applied a pointer with pointee with unknown size "
+ "because %0 is %select{"
+ "an incomplete type|" // CountedByInvalidPointeeTypeKind::INCOMPLETE
+ "a sizeless type|" // CountedByInvalidPointeeTypeKind::SIZELESS
+ "a function type|" // CountedByInvalidPointeeTypeKind::FUNCTION
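Review bot: The first string line of the new `err_counted_by_attr_pointee_unknown_size` diagnostic is missing a word: "cannot be applied a pointer with pointee with unknown size" should read "cannot be applied to a pointer with pointee of unknown size". The `%select` arms are tied to `CountedByInvalidPointeeTypeKind` only through the trailing comments, so the order of the arms has to match the enumerator order exactly. A short note next to the enum pointing back at this diagnostic would help keep the two in sync when a new kind is added.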
----------------
bwendling wrote:
I'm a bit confused why a function type is excluded. Isn't it just a pointer? @kees can correct me, but I think the point of `counted_by` on a pointer is that it could be a list of pointers, and we don't want to allow someone to access beyond that list:
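```c
#include <stdlib.h>

/* Kernel-style wrapper for the attribute under discussion. */
#define __counted_by(member) __attribute__((counted_by(member)))

struct s {
  int count;
  int *ptr __counted_by(count); /* ptr refers to 'count' ints */
};

struct s *alloc(size_t num_elems) {
  struct s *p = malloc(sizeof(struct s));
  p->count = num_elems;
  p->ptr = calloc(num_elems, sizeof(int)); /* calloc(nmemb, size) */
  return p;
}
```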
If that's the case, then any pointer should be okay.
https://github.com/llvm/llvm-project/pull/90786