unsafe C in netgraph/pppoed.c
Kostik Belousov
kostikbel at gmail.com
Wed Feb 11 05:15:54 PST 2009
On Tue, Feb 10, 2009 at 10:57:39PM +0100, Roman Divacky wrote:
> hi
>
>
> struct pppoe_tag {
> u_int16_t tag_type;
> u_int16_t tag_len;
> char tag_data[];
> }__packed;
>
> struct pppoe_hdr{
> u_int8_t ver:4;
> u_int8_t type:4;
> u_int8_t code;
> u_int16_t sid;
> u_int16_t length;
> struct pppoe_tag tag[];
> }__packed;
>
>
> this is inherently unsafe as the tag_data can only have 0 elements
> to be used safely. gcc compiles this without warning although there
> should be a big one.
>
> I found this using clang, which produces this error/warning:
>
> lev pppoed$ ccc -c pppoed.c ccc: Unknown host 'freebsd', using generic host information.
> In file included from pppoed.c:41:
> /usr/include/netgraph/ng_pppoe.h:213:22: error: 'struct pppoe_tag' may not be used as an array element due to flexible array member
> struct pppoe_tag tag[];
> ^
> 1 diagnostic generated.
>
> can you guys take a look at this issue?
>
> thnx!
>
> roman
>
> p.s. please keep me CCed as I am not subscribed to net@
The use of [] as an array specifier for the last structure element
is a well formed C99 construct, called flexible array member.
See ISO/IEC 9899:1999 (E), 6.7.2.1, clause 16.
Citation:
As a special case, the last element of a structure with more than
one named member may have an incomplete array type; this is called a
flexible array member.
...
Then, the use of the structure with flexible array member as a member of
another structure is the gcc extension. See the Chapter 5: Extensions to
the C Language Family 5.14 Arrays of Length Zero in the gcc manual. This
is the reason why it is silently adopted by in-tree compiler.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20090211/eba0f6cb/attachment.pgp
More information about the freebsd-net
mailing list