Re: [PATCH v5 0/2] Remove false-positive VLAs when using max()
From: Linus Torvalds
Date: Tue Mar 20 2018 - 19:24:04 EST
On Sat, Mar 17, 2018 at 1:07 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> No luck! :( gcc 4.4 refuses to play along. And, hilariously, not only
> does it not change the complaint about __builtin_choose_expr(), it
> also thinks that's a VLA now.
Hmm. So thanks to the diseased mind of Martin Uecker, there's a better
test for "__is_constant()":
/* Glory to Martin Uecker <Martin.Uecker@xxxxxxxxxxxxxxxxxxxxx> */
#define __is_constant(a) \
(sizeof(int) == sizeof(*(1 ? ((void*)((a) * 0l)) : (int*)1)))
that is actually *specified* by the C standard to work, and doesn't
even depend on any gcc extensions.
The reason is some really subtle pointer conversion rules, where the
type of the ternary operator will depend on whether one of the
pointers is NULL or not.
And the definition of NULL, in turn, very much depends on "integer
constant expression that has the value 0".
Are you willing to do one final try on a generic min/max? Same as my
last patch, but using the above __is_constant() test instead of
__builtin_constant_p?
Linus