[clang] [BoundsSafety] Allow 'counted_by' attribute on pointers in structs in C (PR #90786)
Kees Cook via cfe-commits
cfe-commits at lists.llvm.org
Sat May 11 13:39:54 PDT 2024
kees wrote:
> Consider this example. It tries to illustrate why putting `__counted_by()` on a pointer to a struct containing flexible array members doesn't make sense.
>
> ```c
> struct HasFAM {
>     int count;
>     char buffer[] __counted_by(count); // This is OK
> };
>
> struct BufferOfFAMS {
>     int count;
>     struct HasFAM* fams __counted_by(count); // This is invalid
> };
> ```
Agreed: structs with flexible array members must be considered to be singletons. This property is actually important for being able to have `__builtin_dynamic_object_size()` work on pointers to flexible array structs. i.e.:
```c
#include <stddef.h> /* size_t */

size_t func(struct foo *p)
{
    return __builtin_dynamic_object_size(p, 0);
}
```
This must always return `SIZE_MAX` for fixed-size arrays since the pointer may be in the middle of a larger array of `struct foo`s, but if it is a struct with a flexible array marked with `counted_by`, then we know deterministically what the size is, since it must be a single complete object.
https://github.com/llvm/llvm-project/pull/90786
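
As an added illustration of the singleton property discussed in the message above (not code from the PR or from either participant): the block computes by hand the size of one complete `struct HasFAM` from its `count`, and how many buffer bytes the next element would land on if the pointer were indexed as an array. `COUNTED_BY`, `fam_alloc`, `fam_object_size` and `fam_overlap_if_indexed` are hypothetical names, and treating a negative count as zero is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Apply counted_by only where the compiler knows the attribute. */
#if defined(__has_attribute)
# if __has_attribute(counted_by)
#  define COUNTED_BY(m) __attribute__((counted_by(m)))
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(m)
#endif

struct HasFAM {                       /* same layout as the quoted struct */
    int count;
    char buffer[] COUNTED_BY(count);
};

/* Size of the single complete object at p (assumption: count < 0 means 0). */
size_t fam_object_size(const struct HasFAM *p)
{
    size_t n = p->count > 0 ? (size_t)p->count : 0;
    size_t sz = offsetof(struct HasFAM, buffer) + n * sizeof(p->buffer[0]);
    return sz > sizeof(*p) ? sz : sizeof(*p);
}

/* Bytes of p->buffer that p[1] would alias: the array stride is
   sizeof(struct HasFAM), which does not include the buffer. */
size_t fam_overlap_if_indexed(const struct HasFAM *p)
{
    return fam_object_size(p) - sizeof(*p);
}

/* Hypothetical helper: allocate one complete HasFAM with `count` bytes. */
struct HasFAM *fam_alloc(int count)
{
    size_t n = count > 0 ? (size_t)count : 0;
    struct HasFAM *p = calloc(1, offsetof(struct HasFAM, buffer) + n);
    if (p) p->count = count;
    return p;
}

int main(void)
{
    struct HasFAM *p = fam_alloc(16); /* constructed sample object */
    if (!p) return 1;
    printf("size %zu, overlap %zu\n", fam_object_size(p), fam_overlap_if_indexed(p));
    free(p);
    return 0;
}
```

A non-zero overlap means element 1 of a hypothetical `struct HasFAM` array would start inside element 0's buffer, which is why a count on such a pointer has no consistent meaning.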