On 19.09.2019 15:54, Martin Husemann wrote:
> On Thu, Sep 19, 2019 at 03:42:35PM +0200, Kamil Rytarowski wrote:
>> Our __CTASSERT is broken as it is not a constant-time expression. We define
>> a VLA whose size can be -1 at runtime and trigger UB. Worse than the UB is
>> that it does not validate whether the expression is valid.
>
> Well, it is not broken for all supported use cases and there is no
> runtime. So I still must be missing something here.
>
__CTASSERT is a runtime VLA (at least in a number of cases).
Another example of the same thing is here:
int main(int argc, char **argv) { volatile int v[-argc]; return 0; } /* VLA of size -argc: -1 with no arguments, UB */
This code will build and run (on amd64, aarch64, ...).
>>>> #include <sys/cdefs.h>
>>>> int main(int argc, char **argv) { __CTASSERT(argc < 0); return 0; }
>>>
>>> I think this is an abuse of __CTASSERT and should not be supported.
>>>
>>
>> My patch proposal fixes this.
>
> I meant we should just fix the abuses and be done.
>
Fixing the abuses is not a complete fix, as __CTASSERT is a dummy today.
> Martin
>
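An added example that is not code from this thread or from NetBSD's sys/cdefs.h: a __CTASSERT-style macro whose pre-C11 fallback places the expression where C requires an integer constant expression (a bit-field width), so the non-constant case discussed above fails to build instead of silently becoming a VLA. The macro and struct names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/*
 * Weak form, modelling the VLA-based style discussed in the thread (not
 * NetBSD's exact macro).  At block scope a non-constant argument silently
 * makes the typedef a VLA, so
 *     int main(int argc, char **argv) { WEAK_CTASSERT(argc < 0); return 0; }
 * builds and runs with an array of size -1 (undefined behaviour) instead of
 * failing to compile; for that reason it is only shown in this comment:
 *     #define WEAK_CTASSERT(x) typedef char weak_ct[(x) ? 1 : -1]
 */

/*
 * Hardened form.  A bit-field width must be an integer constant expression,
 * so a non-constant argument is a hard compile error and a false constant
 * one yields a negative width, also an error.  Under C11, _Static_assert is
 * used directly.  Names (CTASSERT, ctassert_*) are assumptions of this example.
 */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#define CTASSERT(x) _Static_assert((x), #x)
#else
#define CTASSERT_CAT0(a, b) a##b
#define CTASSERT_CAT(a, b) CTASSERT_CAT0(a, b)
#define CTASSERT(x) \
    struct CTASSERT_CAT(ctassert_, __LINE__) { unsigned int w : (x) ? 1 : -1; }
#endif

/* Constructed wire header whose layout the assertions guard. */
struct wire_hdr {
    uint8_t  version;
    uint8_t  flags;
    uint16_t length;
    uint32_t seq;
};
CTASSERT(sizeof(struct wire_hdr) == 8);
CTASSERT(offsetof(struct wire_hdr, seq) == 4);

/* Block scope works too; CTASSERT(argc < 0) here would now be a build
 * error rather than a runtime VLA of size -1. */
size_t wire_hdr_size(void)
{
    CTASSERT(sizeof(uint32_t) == 4);
    return sizeof(struct wire_hdr);
}

int main(void)
{
    return wire_hdr_size() == 8 ? 0 : 1;
}
```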