Date: Wed, 11 Feb 2009 14:18:10 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Roman Divacky <rdivacky@freebsd.org> Cc: mav@freebsd.org, net@freebsd.org Subject: Re: unsafe C in netgraph/pppoed.c Message-ID: <20090211121810.GF62256@deviant.kiev.zoral.com.ua> In-Reply-To: <20090210215739.GA24102@freebsd.org> References: <20090210215739.GA24102@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--jkO+KyKz7TfD21mV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 10, 2009 at 10:57:39PM +0100, Roman Divacky wrote: > hi >=20 >=20 > struct pppoe_tag { > u_int16_t tag_type; > u_int16_t tag_len; > char tag_data[]; > }__packed; >=20 > struct pppoe_hdr{ > u_int8_t ver:4; > u_int8_t type:4; > u_int8_t code; > u_int16_t sid; > u_int16_t length; > struct pppoe_tag tag[]; > }__packed; >=20 >=20 > this is inherently unsafe as the tag_data can only have 0 elements > to be used safely. gcc compiles this without warning although there > should be a big one.=20 >=20 > I found this using clang, which produces this error/warning: >=20 > lev pppoed$ ccc -c pppoed.c = ccc: Unknown host 'freebsd', usin= g generic host information. > In file included from pppoed.c:41: > /usr/include/netgraph/ng_pppoe.h:213:22: error: 'struct pppoe_tag' may no= t be used as an array element due to flexible array member > struct pppoe_tag tag[]; > ^ > 1 diagnostic generated. >=20 > can you guys take a look at this issue? >=20 > thnx! >=20 > roman >=20 > p.s. please keep me CCed as I am not subscribed to net@ The use of [] as an array specifier for the last structure element is a well formed C99 construct, called flexible array member. See ISO/IEC 9899:1999 (E), 6.7.2.1, clause 16. Citation: As a special case, the last element of a structure with more than one named member may have an incomplete array type; this is called a flexible array member. =2E.. Then, the use of the structure with flexible array member as a member of another structure is the gcc extension. See the Chapter 5: Extensions to the C Language Family 5.14 Arrays of Length Zero in the gcc manual. This is the reason why it is silently adopted by in-tree compiler. --jkO+KyKz7TfD21mV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkmSwgEACgkQC3+MBN1Mb4gsHACg6ol3ASEzatcwyXgiiXqJ5N5V 0nYAoNhGSFYJadZIbxMsDha2GRBMelUb =oHhw -----END PGP SIGNATURE----- --jkO+KyKz7TfD21mV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090211121810.GF62256>