On Fri, Sep 18, 2020 at 02:18:20PM -0700, Linus Torvalds wrote:
> On Fri, Sep 18, 2020 at 2:00 PM Arvind Sankar <nivedita@xxxxxxxxxxxx> wrote:
> >
> > You could just assert that offsetof(typeof(s),flex) == sizeof(s), no?
>
> No, because the whole point is that I want that "sizeof(s)" to *WARN*.
>
> It's a nonsensical thing to do. That 's' has no statically known size.
>
> The C standard is being very confused here, in that it tries to claim
> that the flexible arrays are somehow fundamentally different from a
> zero-sized one. But then it acts as if they are exactly the same wrt
> sizeof() and structure copies.
>
> It should warn, exactly because right now it causes potential bugs
> like the one that started this thread.
>
> You can't have both "zero-sized arrays are bad and shouldn't be used"
> and "flexible arrays are good, and work exactly like zero-sized
> arrays".
>
> Either zero-sized arrays are bad or they aren't. And if they are bad,
> then flexible arrays shouldn't work *exactly* like them apart from
> some UBSAN warnings.
>
> See my point?
>
> Linus

Ouch, offsetof() and sizeof() will give different results in the presence
of alignment padding.

https://godbolt.org/z/rqnxTK

I think, grepping at random, that at least struct scsi_vpd is like this,
size is 24 but data[] starts at offset 20.

struct scsi_vpd {
	struct rcu_head rcu;
	int len;
	unsigned char data[];
};
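The offsetof()/sizeof() gap Arvind points at, as an added stand-alone example that is not part of the mail thread or the kernel: struct fake_rcu_head is an assumed two-pointer stand-in for the kernel's struct rcu_head (so that scsi_vpd_like has the same layout as the quoted struct scsi_vpd on 64-bit builds), struct padded_hdr is a constructed header whose tail padding is fixed by _Alignas regardless of ABI, and the helper functions (scsi_vpd_tail_padding, scsi_vpd_exact_size, header_copy_overrun, scsi_vpd_alloc) are hypothetical names for this demonstration. It shows that the exact allocation size for a flexible-array struct is offsetof(type, member) + n, that sizeof() over-counts by the tail padding, and how far a sizeof()-sized header copy (a struct assignment or memcpy of the header) writes past an allocation that was sized exactly.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for the kernel's struct rcu_head: two pointer-sized
 * fields, which is what gives struct scsi_vpd 8-byte alignment on 64-bit
 * builds. This is not the kernel definition. */
struct fake_rcu_head {
	struct fake_rcu_head *next;
	void (*func)(struct fake_rcu_head *);
};

/* Same shape as the struct scsi_vpd quoted in the mail. */
struct scsi_vpd_like {
	struct fake_rcu_head rcu;
	int len;
	unsigned char data[];
};

/* Constructed header whose tail padding does not depend on the target ABI:
 * forcing 8-byte alignment on 'len' makes sizeof() 8 while data[] is at 4. */
struct padded_hdr {
	_Alignas(8) int len;
	unsigned char data[];
};

/* Tail padding: bytes that sizeof() counts beyond the start of the
 * flexible member. Zero only when the header ends exactly at data[]. */
#define FLEX_TAIL_PADDING(type, member) \
	(sizeof(type) - offsetof(type, member))

size_t scsi_vpd_tail_padding(void)
{
	return FLEX_TAIL_PADDING(struct scsi_vpd_like, data);
}

size_t padded_hdr_tail_padding(void)
{
	return FLEX_TAIL_PADDING(struct padded_hdr, data);
}

/* Exact allocation size for n payload bytes: header up to data[], plus n.
 * sizeof() + n over-allocates by the tail padding but is never too small,
 * which is why the two are easy to mix without anything failing at once. */
size_t scsi_vpd_exact_size(size_t n)
{
	return offsetof(struct scsi_vpd_like, data) + n;
}

/* A struct assignment (*dst = *src) or memcpy(dst, src, sizeof(*src))
 * writes sizeof() bytes: the header, its padding, and none of data[].
 * If dst was allocated with the exact size for n payload bytes, the copy
 * runs off the end of that allocation by this many bytes. */
size_t header_copy_overrun(size_t n)
{
	size_t pad = scsi_vpd_tail_padding();

	return pad > n ? pad - n : 0;
}

/* Allocate with the exact size and fill the payload; the caller frees. */
struct scsi_vpd_like *scsi_vpd_alloc(const unsigned char *payload, size_t n)
{
	struct scsi_vpd_like *v = calloc(1, scsi_vpd_exact_size(n));

	if (!v)
		return NULL;
	v->len = (int)n;
	memcpy(v->data, payload, n);
	return v;
}

int main(void)
{
	/* Constructed two-byte sample payload for the demonstration. */
	static const unsigned char sample[] = { 0x00, 0x83 };
	struct scsi_vpd_like *v = scsi_vpd_alloc(sample, sizeof(sample));

	printf("scsi_vpd-like: sizeof=%zu offsetof(data)=%zu padding=%zu\n",
	       sizeof(struct scsi_vpd_like),
	       offsetof(struct scsi_vpd_like, data),
	       scsi_vpd_tail_padding());
	printf("padded_hdr:    sizeof=%zu offsetof(data)=%zu padding=%zu\n",
	       sizeof(struct padded_hdr),
	       offsetof(struct padded_hdr, data),
	       padded_hdr_tail_padding());
	printf("header copy into exact-size alloc of %zu payload bytes "
	       "overruns by %zu\n",
	       sizeof(sample), header_copy_overrun(sizeof(sample)));
	free(v);
	return 0;
}
```

On an LP64 build the scsi_vpd-like line prints sizeof=24, offsetof(data)=20, padding=4, matching the numbers in the mail; the padded_hdr line prints 8, 4 and 4 on any ABI. The practical check for code that handles such structs is therefore to size allocations and copies from offsetof(type, data) plus the payload length, never from sizeof().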