[PATCH] shell32: use flexible arrays to avoid fortify failures

Vitaliy Margolen wine-devel at kievinfo.com
Tue Sep 21 09:05:04 CDT 2010

On 09/21/2010 03:43 AM, Marcus Meissner wrote:
> No, its just that the structure is embedded in another structure and gcc 4.5
> only looks at the size of the inner structure for these variable array, and
> so does not see it is large enough allocated.
> (It is kinda in a gray area, but I am tending towards gcc a bit wrong.)

I tend to agree. buffer[1] instead of buffer[] is part of many structures 
for a good reason. It accounts for terminating \0 in strings.

When you allocate such a struct all you have to do is malloc(sizeof(struct) 
+ strlen(string)). With "buffer[]" declaration one have to add extra byte to 
size calculations.

Besides all this doesn't really help you much with compile time checking. 
Compiler either wrongly complains about potential buffer overrun or doesn't 
check the size of the buffer at all. So IMHO disabling this check completely 
or for such structures is a better way to go.


More information about the wine-devel mailing list