Date:      Wed, 11 Feb 2009 14:18:10 +0200
From:      Kostik Belousov <kostikbel@gmail.com>
To:        Roman Divacky <rdivacky@freebsd.org>
Cc:        mav@freebsd.org, net@freebsd.org
Subject:   Re: unsafe C in netgraph/pppoed.c
Message-ID:  <20090211121810.GF62256@deviant.kiev.zoral.com.ua>
In-Reply-To: <20090210215739.GA24102@freebsd.org>
References:  <20090210215739.GA24102@freebsd.org>


On Tue, Feb 10, 2009 at 10:57:39PM +0100, Roman Divacky wrote:
> hi
> 
> 
> struct pppoe_tag {
>         u_int16_t tag_type;
>         u_int16_t tag_len;
>         char tag_data[];
> }__packed;
> 
> struct pppoe_hdr{
>         u_int8_t ver:4;
>         u_int8_t type:4;
>         u_int8_t code;
>         u_int16_t sid;
>         u_int16_t length;
>         struct pppoe_tag tag[];
> }__packed;
> 
> 
> this is inherently unsafe as the tag_data can only have 0 elements
> to be used safely. gcc compiles this without warning although there
> should be a big one. 
> 
> I found this using clang, which produces this error/warning:
> 
> lev pppoed$ ccc -c pppoed.c
> ccc: Unknown host 'freebsd', using generic host information.
> In file included from pppoed.c:41:
> /usr/include/netgraph/ng_pppoe.h:213:22: error: 'struct pppoe_tag' may not be used as an array element due to flexible array member
>         struct pppoe_tag tag[];
>                             ^
> 1 diagnostic generated.
> 
> can you guys take a look at this issue?
> 
> thnx!
> 
> roman
> 
> p.s. please keep me CCed as I am not subscribed to net@

The use of [] as an array specifier for the last structure element
is a well formed C99 construct, called flexible array member.
See ISO/IEC 9899:1999 (E), 6.7.2.1, clause 16.

Citation:
As a special case, the last element of a structure with more than
one named member may have an incomplete array type; this is called a
flexible array member.
...

Then, the use of the structure with a flexible array member as a member of
another structure is a gcc extension. See the Chapter 5: Extensions to
the C Language Family, 5.14 Arrays of Length Zero, in the gcc manual. This
is the reason why it is silently accepted by the in-tree compiler.
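The point Roman raises above, as an added example that is not from this thread or from FreeBSD's netgraph code: `sizeof(struct pppoe_tag)` is 4, so indexing `tag[i]` steps 4 bytes per tag and ignores each tag's `tag_len`, landing inside the first tag's data; a parser has to walk tags by `tag_len` from the raw bytes and bound-check against both the declared `length` and the buffer. The PADI packet and the malformed packet below are constructed for this example, and the header is parsed from bytes rather than through `struct pppoe_tag tag[]`, which clang rejects.

```c
#include <stddef.h>
#include <stdint.h>

/* Tag layout copied from the quoted ng_pppoe.h (__packed spelled out for portability). */
struct pppoe_tag {
    uint16_t tag_type;
    uint16_t tag_len;
    char tag_data[];
} __attribute__((packed));

#define PPPOE_HDR_LEN 6   /* ver/type, code, sid (2), length (2) */

static uint16_t get16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Constructed PADI: 6-byte header, then Service-Name "abc", a 4-byte Host-Uniq, End-Of-List. */
static const unsigned char padi[] = {
    0x11, 0x09, 0x00, 0x00, 0x00, 0x13,                 /* ver=1 type=1, code=PADI, sid=0, length=19 */
    0x01, 0x01, 0x00, 0x03, 'a', 'b', 'c',              /* Service-Name, tag_len 3 */
    0x01, 0x03, 0x00, 0x04, 0x01, 0x02, 0x03, 0x04,     /* Host-Uniq, tag_len 4 */
    0x00, 0x00, 0x00, 0x00,                             /* End-Of-List, tag_len 0 */
};
/* Constructed malformed packet: tag_len (9) claims more data than the declared length (4) holds. */
static const unsigned char bad_tag_len[] = {
    0x11, 0x09, 0x00, 0x00, 0x00, 0x04, 0x01, 0x01, 0x00, 0x09,
};

/* Where tag[1] would point: array indexing advances by sizeof(struct pppoe_tag) == 4,
 * so it lands inside the first tag's data instead of at the second tag. */
size_t pppoe_naive_second_tag_offset(void) { return PPPOE_HDR_LEN + sizeof(struct pppoe_tag); }

/* Where the second tag really starts: header + first tag header + first tag_len. */
size_t pppoe_second_tag_offset(const unsigned char *pkt) {
    return PPPOE_HDR_LEN + 4 + get16(pkt + PPPOE_HDR_LEN + 2);
}

/* Walk the tag list by tag_len, bounding every read by the declared length and the
 * buffer; returns the number of tags before End-Of-List, or -1 on malformed input. */
int pppoe_count_tags(const unsigned char *pkt, size_t pktlen) {
    if (pktlen < PPPOE_HDR_LEN) return -1;
    size_t off = PPPOE_HDR_LEN, end = PPPOE_HDR_LEN + get16(pkt + 4);
    if (end > pktlen) return -1;              /* declared length exceeds the buffer */
    int n = 0;
    while (off < end) {
        if (end - off < 4) return -1;         /* truncated tag header */
        uint16_t type = get16(pkt + off), len = get16(pkt + off + 2);
        if (len > end - off - 4) return -1;   /* tag_data overruns the declared length */
        if (type == 0x0000) break;            /* End-Of-List tag */
        off += 4 + len;
        n++;
    }
    return n;
}
```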

