Re: Safe file update library ready (sort of)
On 2011-01-26 17:36:19 +0100, Hendrik Sattler wrote:
> Quoting "Goswin von Brederlow" <goswin-v-b@web.de>:
>
> >"Hendrik Sattler" <post@hendrik-sattler.de> writes:
> >
> >>Quoting "Goswin von Brederlow" <goswin-v-b@web.de>:
> >>
> >>>typedef struct {
> >>> int fd;
> >>> char buffer[0];
> >>>} safe_t;
> >>>
> >>>and allocating the struct as big as needed.
> >>
> >>Maybe don't recommend invalid C? Bad habits don't have to live on forever...
> >>
> >>HS
> >
> >Would you use
> >
> >typedef struct {
> > int fd;
> > char buffer[];
> >} safe_t;
> >
> >or what do you mean by invalid C?
>
> "char buffer[0];" is veeery gcc-specific as the storage size of
> buffer is 0. According to the C99 standard:
> "6.7.5.2 Array declarators
> Constraints
> 1 In addition to optional type qualifiers and the keyword static, the [ and
> ] may delimit an expression or *. If they delimit an expression (which
> specifies the size of an array), the expression shall have an integer type.
> If the expression is a constant expression, it shall have a value greater
> than zero."

As the intended code seems to be a "flexible array member" wouldn't
§6.7.2.1 (16) apply here?

See also http://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html

> Either make this "char buffer[1];" and live with the fact that e.g.
> cppcheck will yell at you (better not), or use "safe_t x= ...; char
> *buffer = x + 1;" with or without explicit reference in safe_t (if
> you want to allocate in one block) or simply allocate it separately.

Depending on how this buffer is used this might cause compilation
problems when -D_FORTIFY_SOURCE_ is used as gcc checks for strcpy() the
size of the destination buffer and complains if it's too small.

Regards,
Michael
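
The flexible array member form of safe_t discussed in this thread, as an added example (not code from any of the posters). The helper names safe_alloc_size and safe_new are hypothetical, and the trailing NUL byte is an assumption about how the buffer is used:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* C99 flexible array member (6.7.2.1): buffer has incomplete type, must be
 * the last member, and is not counted in sizeof(safe_t). */
typedef struct {
    int fd;
    char buffer[];
} safe_t;

/* Bytes needed for a safe_t holding len payload bytes plus a NUL.
 * Returns 0 if the sum would overflow size_t. */
size_t safe_alloc_size(size_t len)
{
    size_t header = offsetof(safe_t, buffer);
    if (len > SIZE_MAX - header - 1)
        return 0;
    return header + len + 1;
}

/* Allocate header and payload in one block and copy len bytes of data in.
 * The length is passed explicitly, so the copy is bounded by the size that
 * was allocated rather than by the declared size of buffer. */
safe_t *safe_new(int fd, const char *data, size_t len)
{
    size_t total = safe_alloc_size(len);
    if (total == 0 || data == NULL)
        return NULL;
    safe_t *s = malloc(total);
    if (s == NULL)
        return NULL;
    s->fd = fd;
    memcpy(s->buffer, data, len);
    s->buffer[len] = '\0';
    return s;
}

int main(void)
{
    const char name[] = "example.txt.tmp";   /* constructed sample input */
    safe_t *s = safe_new(3, name, sizeof name - 1);
    int ok = s != NULL && strcmp(s->buffer, name) == 0;
    free(s);
    return ok ? 0 : 1;
}
```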