On Wed, Apr 4, 2018 at 3:21 PM, James Y Knight <jykni...@google.com> wrote:
>
> But allowing random pointer arithmetic, and pointer arithmetic wraparound,
> is still different than asserting that an object _field access_ can
> overflow.
But that's not what the code does.
It never _accessed_ the field. It only looked at the *address* of the field.
So clang got this case wrong:
&(pos)->member != NULL
where that "&" thing is very much important. There was no access. An
access would in fact have been a bug (and was the bug that the
compiler caused, because it removed the check for NULL).
You may consider this an "access", but to me, it's all just pointer
arithmetic, and not in the least different from the kind of pointer
arithmetic that "offsetof()" traditionally does.
So I think your "it's a field access" is just a syntactic argument and
should not semantically be *any* different from doing arithmetic on a
pointer.
Linus
