<html><head></head><body><div class="gmail_quote">Le 26 juillet 2017 11:43:09 GMT+03:00, Steve Lhomme <robux4@gmail.com> a écrit :<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">On Wed, Jul 26, 2017 at 10:35 AM, Rémi Denis-Courmont <remi@remlab.net> wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> Le 26 juillet 2017 10:39:01 GMT+03:00, Steve Lhomme <robux4@videolabs.io> a<br /> écrit :<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"><br /> In those cases the parent of a payload is accessed via the container_of()<br /> macro<br /> that removes the size of the containing structure of the payload pointer.<br /> This<br /> size comes from offsetof() the flexible array element at the end of the<br /> parent<br /> structure.<br /> The compiler is supposed to treat the flexible array element has having no<br /> size<br /> in the structure (except when accessed).<br /> ---<br /> src/misc/objects.c | 3 +++<br /> src/misc/objres.c | 2 ++<br /> 2 files changed, 5 insertions(+)<br /><br /> diff --git a/src/misc/objects.c b/src/misc/objects.c<br /> index 91eebdaf20..e953e38a64 100644<br /> --- a/src/misc/objects.c<br /> +++ b/src/misc/objects.c<br /> @@ -186,6 +186,9 @@ void *vlc_custom_create (vlc_object_t *parent, size_t<br /> length,<br /> * and zeroes the rest.<br /> */<br /> assert (length >= sizeof (vlc_object_t));<br /> + static_assert( sizeof(vlc_object_internals_t) ==<br /> + offsetof(vlc_object_internals_t, aligned_end),<br /> + "flexible array size is not ignored" );<br /><br /> vlc_object_internals_t *priv = malloc (sizeof (*priv) + length);<br /> if (unlikely(priv == NULL))<br /> diff --git a/src/misc/objres.c b/src/misc/objres.c<br /> index 1afaccb700..b9aa87f30d 100644<br /> --- a/src/misc/objres.c<br /> +++ b/src/misc/objres.c<br /> @@ -51,6 +51,8 @@ void *vlc_objres_new(size_t size, void (*release)(void<br /> *))<br /> errno = ENOMEM;<br /> return NULL;<br /> }<br /> + static_assert( sizeof(struct vlc_res) == offsetof(struct vlc_res,<br /> payload),<br /> + "flexible array size is not ignored" );<br /><br /> struct vlc_res *res = malloc(sizeof (*res) + size);<br /> if (unlikely(res == NULL))<br /></blockquote><br /><br /> Nack. This assertion is always true. If you want to check that nobody breaks<br /></blockquote><br />It's not always true. I do have the assertion fail in some cases. And<br />as said in my follow-up email. There is no strict guarantee in the<br />standard that this is true.<br /><br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> aligned_end the sensible assertion is alignof(internals) >=<br /> alignof(max_align_t). But it would be incredibly stupid and reckless for<br /> somebody to make aligned_end not the end of the structure, so that seems<br /> pointless too.<br /> --<br /> Rémi Denis-Courmont<br /> Typed on an inconvenient virtual keyboard<br /><br /><hr /><br /> vlc-devel mailing list<br /> To unsubscribe or modify your subscription options:<br /> <a href="https://mailman.videolan.org/listinfo/vlc-devel">https://mailman.videolan.org/listinfo/vlc-devel</a><br /></blockquote><hr /><br />vlc-devel mailing list<br />To unsubscribe or modify your subscription options:<br /><a href="https://mailman.videolan.org/listinfo/vlc-devel">https://mailman.videolan.org/listinfo/vlc-devel</a></pre></blockquote></div><br clear="all">Well, if it ain't always true, then it can't be relied upon, so the assertion does not make sense either way.<br>
<br>
4f91e6bc15d8b72deb1f761ca857a33d672c91ef should be reverted instead in that case.<br>
-- <br>
Rémi Denis-Courmont<br>
Typed on an inconvenient virtual keyboard</body></html>