[vlc-devel] [PATCH] objects: ensure accessing payload parents via container_of is correct

Rémi Denis-Courmont remi at remlab.net
Wed Jul 26 10:35:46 CEST 2017


On 26 July 2017 10:39:01 GMT+03:00, Steve Lhomme <robux4 at videolabs.io> wrote:
>In those cases the parent of a payload is accessed via the container_of() macro
>that removes the size of the containing structure of the payload pointer. This
>size comes from offsetof() the flexible array element at the end of the parent
>structure.
>The compiler is supposed to treat the flexible array element as having no size
>in the structure (except when accessed).
>---
> src/misc/objects.c | 3 +++
> src/misc/objres.c  | 2 ++
> 2 files changed, 5 insertions(+)
>
>diff --git a/src/misc/objects.c b/src/misc/objects.c
>index 91eebdaf20..e953e38a64 100644
>--- a/src/misc/objects.c
>+++ b/src/misc/objects.c
>@@ -186,6 +186,9 @@ void *vlc_custom_create (vlc_object_t *parent,
>size_t length,
>      * and zeroes the rest.
>      */
>     assert (length >= sizeof (vlc_object_t));
>+    static_assert( sizeof(vlc_object_internals_t) == 
>+                   offsetof(vlc_object_internals_t, aligned_end),
>+                  "flexible array size is not ignored" );
> 
>     vlc_object_internals_t *priv = malloc (sizeof (*priv) + length);
>     if (unlikely(priv == NULL))
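
Review bot: the static_assert added between the runtime assert and the malloc call depends only on the layout of vlc_object_internals_t, so it belongs at file scope next to the structure definition, where anyone editing the struct will see it, rather than inside vlc_custom_create(). The message "flexible array size is not ignored" describes compiler behaviour instead of the requirement; stating what the code needs, that the payload allocated by malloc (sizeof (*priv) + length) begins at aligned_end, would make a failure easier to act on. The first added line also ends in trailing whitespace after the ==.
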
>diff --git a/src/misc/objres.c b/src/misc/objres.c
>index 1afaccb700..b9aa87f30d 100644
>--- a/src/misc/objres.c
>+++ b/src/misc/objres.c
>@@ -51,6 +51,8 @@ void *vlc_objres_new(size_t size, void
>(*release)(void *))
>         errno = ENOMEM;
>         return NULL;
>     }
>+    static_assert( sizeof(struct vlc_res) == offsetof(struct vlc_res,
>payload),
>+                   "flexible array size is not ignored" );
> 
>     struct vlc_res *res = malloc(sizeof (*res) + size);
>     if (unlikely(res == NULL))
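
Review bot: the static_assert in vlc_objres_new() is added after the ENOMEM early return with no #include change anywhere in the patch (the diffstat counts only these 5 inserted lines), so please confirm that objres.c already includes <assert.h> for static_assert and <stddef.h> for offsetof. The message string is identical to the one in objects.c; naming struct vlc_res and payload in it would tell the reader which layout broke. As a type-only check it would also read better at file scope beside the struct vlc_res definition than between the size check and the malloc.
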
>-- 
>2.12.1
>

Nack. This assertion is always true. If you want to check that nobody breaks aligned_end the sensible assertion is alignof(internals) >= alignof(max_align_t). But it would be incredibly stupid and reckless for somebody to make aligned_end not the end of the structure, so that seems pointless too.
-- 
Rémi Denis-Courmont
Typed on an inconvenient virtual keyboard
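
The pattern under discussion, as an added example that is not part of the original message or of VLC's code: a header ending in a max_align_t flexible array member, allocated together with its payload and recovered from the payload pointer with container_of. struct hdr and the hdr_* functions are hypothetical names; the static_assert is the alignment check proposed in the reply applied to that type, and the size guard before malloc is an addition of this example.

```c
#include <assert.h>
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header (not VLC's type): private fields, then a flexible
 * array member marking where the caller-visible payload begins. */
struct hdr {
    void (*release)(void *);
    unsigned refs;
    max_align_t payload[];  /* aligned for any object type */
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* The alignment check proposed in the reply, applied to struct hdr. */
static_assert(alignof(struct hdr) >= alignof(max_align_t),
              "payload would not be aligned for every type");

/* Allocate header plus payload; only the payload pointer is handed out. */
void *hdr_new(size_t size, void (*release)(void *))
{
    if (size > SIZE_MAX - sizeof (struct hdr))
        return NULL;        /* sizeof (*h) + size would wrap around */
    struct hdr *h = malloc(sizeof (*h) + size);
    if (h == NULL)
        return NULL;
    h->release = release;
    h->refs = 1;
    memset(h->payload, 0, size);
    return h->payload;
}

/* Step back from the payload pointer to the header that contains it. */
struct hdr *hdr_from_payload(void *payload)
{
    return container_of(payload, struct hdr, payload);
}

void hdr_free(void *payload)
{
    struct hdr *h = hdr_from_payload(payload);
    if (h->release != NULL)
        h->release(payload);
    free(h);
}
```
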