Date:      Wed, 11 Feb 2009 14:18:10 +0200
From:      Kostik Belousov <kostikbel@gmail.com>
To:        Roman Divacky <rdivacky@freebsd.org>
Cc:        mav@freebsd.org, net@freebsd.org
Subject:   Re: unsafe C in netgraph/pppoed.c
Message-ID:  <20090211121810.GF62256@deviant.kiev.zoral.com.ua>
In-Reply-To: <20090210215739.GA24102@freebsd.org>
References:  <20090210215739.GA24102@freebsd.org>



On Tue, Feb 10, 2009 at 10:57:39PM +0100, Roman Divacky wrote:
> hi
> 
> 
> struct pppoe_tag {
>         u_int16_t tag_type;
>         u_int16_t tag_len;
>         char tag_data[];
> }__packed;
> 
> struct pppoe_hdr{
>         u_int8_t ver:4;
>         u_int8_t type:4;
>         u_int8_t code;
>         u_int16_t sid;
>         u_int16_t length;
>         struct pppoe_tag tag[];
> }__packed;
> 
> 
> This is inherently unsafe as the tag_data can only have 0 elements
> to be used safely. gcc compiles this without warning although there
> should be a big one.
> 
> I found this using clang, which produces this error/warning:
> 
> lev pppoed$ ccc -c pppoed.c
> ccc: Unknown host 'freebsd', using generic host information.
> In file included from pppoed.c:41:
> /usr/include/netgraph/ng_pppoe.h:213:22: error: 'struct pppoe_tag' may not be used as an array element due to flexible array member
>         struct pppoe_tag tag[];
>                             ^
> 1 diagnostic generated.
> 
> Can you guys take a look at this issue?
> 
> thnx!
> 
> roman
> 
> p.s. please keep me CCed as I am not subscribed to net@

The use of [] as an array specifier for the last structure element
is a well-formed C99 construct, called a flexible array member.
See ISO/IEC 9899:1999 (E), 6.7.2.1, clause 16.

Citation:
As a special case, the last element of a structure with more than
one named member may have an incomplete array type; this is called a
flexible array member.
...

Then, the use of a structure with a flexible array member as a member of
another structure is a gcc extension. See Chapter 5, "Extensions to
the C Language Family", section 5.14 "Arrays of Length Zero", in the gcc
manual. This is the reason why it is silently accepted by the in-tree
compiler.




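What this means in practice, as an added example rather than code from the thread or from the FreeBSD tree: because sizeof(struct pppoe_tag) ignores the flexible member, the compiler strides hdr->tag[n] by 4 bytes, while a real PPPoE tag occupies 4 + tag_len bytes, so for n > 0 tag[n] lands inside the data of an earlier tag whenever that tag is non-empty. The only safe way to reach the n-th tag is to walk by the encoded lengths with bounds checks, which is what the second function does. The struct layouts are the ones quoted from <netgraph/ng_pppoe.h> (so the file needs a compiler that accepts the gcc extension); the tag type and code values are from RFC 2516; the two frames, struct tag_view, and the function names pppoe_tag_stride, naive_nth_tag_type and pppoe_nth_tag are assumptions made for this example.

```c
/* Added example (not from this thread or FreeBSD): hdr->tag[n] versus a
 * length-driven walk over PPPoE tags. Layouts copied from the quoted
 * ng_pppoe.h; tag/code values per RFC 2516; frames constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#ifndef __packed
#define __packed __attribute__((__packed__))
#endif

struct pppoe_tag {
	uint16_t tag_type;
	uint16_t tag_len;
	char tag_data[];          /* C99 6.7.2.1p16: flexible array member */
} __packed;

struct pppoe_hdr {
	uint8_t ver:4;
	uint8_t type:4;
	uint8_t code;
	uint16_t sid;
	uint16_t length;
	struct pppoe_tag tag[];   /* gcc extension: FAM struct as array element */
} __packed;

struct tag_view { uint16_t type, len; const uint8_t *data; };

/* Constructed PADI (code 0x09): ver 1, type 1, sid 0, length 18, then
 * Service-Name 0x0101 "test", Host-Uniq 0x0103 ab cd, End-Of-List 0x0000. */
static const uint8_t padi_frame[] = {
	0x11, 0x09, 0x00, 0x00, 0x00, 0x12,
	0x01, 0x01, 0x00, 0x04, 't', 'e', 's', 't',
	0x01, 0x03, 0x00, 0x02, 0xab, 0xcd,
	0x00, 0x00, 0x00, 0x00,
};
/* Constructed malformed frame: tag_len 16 inside an 8-byte payload. */
static const uint8_t bad_len_frame[] = {
	0x11, 0x09, 0x00, 0x00, 0x00, 0x08,
	0x01, 0x01, 0x00, 0x10, 'a', 'b', 'c', 'd',
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* sizeof ignores the flexible member, so the compiler strides hdr->tag[n]
 * by 4 bytes; only tag[0] can ever coincide with a real tag. */
size_t pppoe_tag_stride(void) { return sizeof(struct pppoe_tag); }

/* The naive read hdr->tag[n].tag_type, bounds-checked so it cannot overrun the
 * buffer; still the wrong offset for n > 0 once an earlier tag carries data. */
int naive_nth_tag_type(const uint8_t *pkt, size_t pktlen, size_t n)
{
	const struct pppoe_hdr *hdr = (const struct pppoe_hdr *)pkt;

	if (pktlen < sizeof(*hdr) ||
	    n >= (pktlen - sizeof(*hdr)) / sizeof(struct pppoe_tag))
		return -1;                 /* tag[n] would lie outside the buffer */
	return be16((const uint8_t *)&hdr->tag[n]);
}

/* Correct walk: advance 4 + tag_len per tag, checking each tag_len against the
 * PPPoE length field and that field against the buffer. Returns the type of
 * tag n (filling *out if non-NULL), -2 if the list ends first, -1 if malformed. */
int pppoe_nth_tag(const uint8_t *pkt, size_t pktlen, size_t n, struct tag_view *out)
{
	size_t off, end, i = 0;

	if (pktlen < sizeof(struct pppoe_hdr) || pkt[0] != 0x11)   /* ver 1, type 1 */
		return -1;
	end = sizeof(struct pppoe_hdr) + be16(pkt + 4);
	if (end > pktlen)                  /* length field runs past the buffer */
		return -1;
	for (off = sizeof(struct pppoe_hdr); off + 4 <= end; i++) {
		uint16_t type = be16(pkt + off), len = be16(pkt + off + 2);

		if (len > end - off - 4)   /* tag_len runs past the payload */
			return -1;
		if (i == n) {
			if (out) { out->type = type; out->len = len; out->data = pkt + off + 4; }
			return type;
		}
		if (type == 0x0000)        /* End-Of-List: nothing follows */
			return -2;
		off += 4 + (size_t)len;
	}
	return off == end ? -2 : -1;       /* -1: trailing bytes shorter than a tag */
}

int main(void)
{
	size_t i;

	printf("compiler stride for hdr->tag[n]: %zu bytes\n", pppoe_tag_stride());
	for (i = 0; i < 3; i++)
		printf("tag %zu: naive 0x%04x, walked 0x%04x\n", i,
		       (unsigned)naive_nth_tag_type(padi_frame, sizeof padi_frame, i),
		       (unsigned)pppoe_nth_tag(padi_frame, sizeof padi_frame, i, NULL));
	printf("bad tag_len frame: %d\n",
	       pppoe_nth_tag(bad_len_frame, sizeof bad_len_frame, 0, NULL));
	return 0;
}
```

For index 1 the naive read returns 0x7465, the bytes "te" of the Service-Name tag, where the length-driven walk returns the Host-Uniq type 0x0103; the walk also rejects a frame whose length field exceeds the buffer and one whose tag_len exceeds the declared payload, which is the check a parser of this format needs before touching tag_data at all.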