lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7ac2012c-6d22-dcc2-7c96-b9d6d578706a@linaro.org>
Date:   Tue, 11 Feb 2020 18:21:13 -0600
From:   Alex Elder <elder@...aro.org>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Johan Hovold <johan@...nel.org>, Alex Elder <elder@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     devel@...verdev.osuosl.org, greybus-dev@...ts.linaro.org,
        linux-kernel@...r.kernel.org
Subject: Re: [greybus-dev] [PATCH] staging: greybus: Replace zero-length array
 with flexible-array member

On 2/11/20 4:47 PM, Gustavo A. R. Silva wrote:
> 
> 
> On 2/11/20 16:15, Alex Elder wrote:
>> On 2/11/20 3:12 PM, Gustavo A. R. Silva wrote:
>>> The current codebase makes use of the zero-length array language
>>> extension to the C90 standard, but the preferred mechanism to declare
>>> variable-length types such as these ones is a flexible array member[1][2],
>>> introduced in C99:
>>>
>>> struct foo {
>>>         int stuff;
>>>         struct boo array[];
>>> };
>>>
>>> By making use of the mechanism above, we will get a compiler warning
>>> in case the flexible array does not occur last in the structure, which
>>> will help us prevent some kind of undefined behavior bugs from being
>>> inadvertenly introduced[3] to the codebase from now on.
>>>
>>> This issue was found with the help of Coccinelle.
>>>
>>> [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
>>> [2] https://github.com/KSPP/linux/issues/21
>>> [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour")
>>>
>>> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
>>> ---
>>>  drivers/staging/greybus/raw.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/staging/greybus/raw.c b/drivers/staging/greybus/raw.c
>>> index 838acbe84ca0..2b301b2aa107 100644
>>> --- a/drivers/staging/greybus/raw.c
>>> +++ b/drivers/staging/greybus/raw.c
>>> @@ -30,7 +30,7 @@ struct gb_raw {
>>>  struct raw_data {
>>>  	struct list_head entry;
>>>  	u32 len;
>>> -	u8 data[0];
>>> +	u8 data[];
>>>  };
>>>  
>>>  static struct class *raw_class;
>>>
>>
>> Does the kamlloc() call in receive_data() have any problems
>> with the sizeof(*raw_data) passed as its argument?
>>
> 
> Not in this case. It'd be different with a one-element array (u8 data[1]),
> though.
> 
>> I'm not entirely sure what sizeof(struct-with-flexible-array-member)
>> produces.
>>
> 
> The same as sizeof(struct-with-zero-length-array):
> 
> "Flexible array members have incomplete type, and so the sizeof operator
> may not be applied. As a quirk of the original implementation of
> zero-length arrays, sizeof evaluates to zero."[1]
> 
> [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html

I saw that, but I wondered what the standard says (and
whether Clang produces the same result).

I found this in a draft standard, and I guess we can
assume it applies here:

    "...the  size of the structure is as if the flexible
    array  member were omitted except that it may have
    more trailing padding than the omission would imply."

Looks good to me.

Reviewed-by: Alex Elder <elder@...aro.org>

> 
> --
> Gustavo
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ