Re: [PATCH v2] uapi: fix __DECLARE_FLEX_ARRAY for C++

From: Kees Cook
Date: Fri Sep 08 2023 - 11:53:17 EST


On Fri, Sep 08, 2023 at 06:14:38PM +0300, Alexey Dobriyan wrote:
> __DECLARE_FLEX_ARRAY(T, member) macro expands to
>
> 	struct {
> 		struct {} __empty_member;
> 		T member[];
> 	};
>
> which is subtly wrong in C++ because sizeof(struct{}) is 1 not 0,

Ewwww. Isn't this a bug in C++?

> changing UAPI structures layouts.
>
> This can be fixed by expanding to
>
> 	T member[];
>
> Now g++ doesn't like "T member[]" either throwing errors on code like
> this:
>
> 	struct S {
> 		union {
> 			T1 member1[];
> 			T2 member2[];
> 		};
> 	};
>
> or
>
> 	struct S {
> 		T member[];
> 	};
>
> So use
>
> 	T member[0];
>
> which seems to work and does the right thing wrt structure layout.

It seems sad to leave C++ broken, but I guess we have to do this.

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

> Fix header guard while I'm at it.

Hm, when did that get broken? Maybe that should be fixed separately?

>
> Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>

Probably a Fixes: tag would be nice too.

-Kees

> ---
>
> include/uapi/linux/stddef.h | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> --- a/include/uapi/linux/stddef.h
> +++ b/include/uapi/linux/stddef.h
> @@ -39,6 +39,10 @@
> * struct, it needs to be wrapped in an anonymous struct with at least 1
> * named member, but that member can be empty.
> */
> +#ifdef __cplusplus
> +#define __DECLARE_FLEX_ARRAY(T, member) \
> + T member[0]
> +#else
> #define __DECLARE_FLEX_ARRAY(TYPE, NAME) \
> struct { \
> struct { } __empty_ ## NAME; \
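
Review bot: the comment block directly above the new `#ifdef __cplusplus` still describes only the anonymous-struct wrapping, so the header gives no reason why C++ takes `T member[0]` instead; a sentence on that in the comment would help. The new branch also names its parameters `(T, member)` while the existing definition uses `(TYPE, NAME)`; the same names in both would make the two definitions easier to compare. Nothing in this hunk closes the `#ifdef`/`#else` pair it opens, so the changelog should say which `#endif` does.
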
> @@ -49,3 +53,5 @@
> #ifndef __counted_by
> #define __counted_by(m)
> #endif
> +
> +#endif
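
Review bot: the `#endif` added at the end of the file has no comment saying which conditional it closes, and the hunk shows no matching opening line; since the changelog calls this a header guard fix, a trailing comment naming the guard macro would make the pairing clear. It is also unrelated to the C++ layout change, so it would be easier to review as a separate patch.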

--
Kees Cook
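
The layout claim discussed in this thread can be checked with a small program; the following is an added example, not code from the patch or from the kernel tree. It builds the two expansions as GNU C (gcc or clang assumed), where the empty struct has size 0, and compares offsets and sizes; the macro names `FLEX_WRAPPED` and `FLEX_ZERO` and the `rec_*` structs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* C expansion as given in the commit message (hypothetical macro name). */
#define FLEX_WRAPPED(TYPE, NAME) \
	struct { struct { } __empty_ ## NAME; TYPE NAME[]; }

/* Expansion the patch selects under __cplusplus (hypothetical macro name). */
#define FLEX_ZERO(T, member) T member[0]

struct empty_probe { };	/* GNU C extension: an empty struct */

/* Constructed sample record: a length field, then two views of the payload. */
struct rec_wrapped {
	unsigned short len;
	union {
		FLEX_WRAPPED(unsigned char, bytes);
		FLEX_WRAPPED(unsigned int, words);
	};
};

struct rec_zero {
	unsigned short len;
	union {
		FLEX_ZERO(unsigned char, bytes);
		FLEX_ZERO(unsigned int, words);
	};
};

/* Size of an empty struct as seen by this compiler (0 in GNU C). */
size_t empty_struct_size(void)
{
	return sizeof(struct empty_probe);
}

/* Returns 1 when both expansions give the same offsets and total size. */
int layouts_match(void)
{
	return offsetof(struct rec_wrapped, bytes) == offsetof(struct rec_zero, bytes) &&
	       offsetof(struct rec_wrapped, words) == offsetof(struct rec_zero, words) &&
	       sizeof(struct rec_wrapped) == sizeof(struct rec_zero);
}

int main(void)
{
	printf("sizeof(empty struct) = %zu\n", empty_struct_size());
	printf("layouts match: %s\n", layouts_match() ? "yes" : "no");
	return layouts_match() ? 0 : 1;
}
```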