Re: Bounded Array Type?

2014-10-23 Thread Joseph S. Myers
On Wed, 22 Oct 2014, Martin Uecker wrote: Sorry for bringing this up again, but this could work: void foo(int x, int (*s)[x]) { (*s)[x] = 1; // - undefined behaviour Yes, I believe that's undefined (even if the array is part of a larger object, as the same principle as An

Bounded Array Type?

2014-10-22 Thread Martin Uecker
Sorry for bringing this up again, but this could work: void foo(int x, int (*s)[x]) { (*s)[x] = 1; // - undefined behaviour } Such an access beyond the specified length means that either 1. the array is accessed out-of-bounds or 2. was accessed using an incompatible pointer and a

Re: Bounded array type?

2014-09-03 Thread Florian Weimer
On 09/02/2014 11:22 PM, James Nelson wrote: This is error-prone because even though a size parameter is given, the code in the function has no requirement to enforce it. With a bounded array type, the prototype looks like this: buf *foo(char buf[sz], size_t sz); GCC already has a syntax

Re: Bounded array type?

2014-09-03 Thread Joseph S. Myers
On Wed, 3 Sep 2014, Florian Weimer wrote: On 09/02/2014 11:22 PM, James Nelson wrote: This is error-prone because even though a size parameter is given, the code in the function has no requirement to enforce it. With a bounded array type, the prototype looks like this: buf *foo(char

Re: Bounded array type?

2014-09-03 Thread Florian Weimer
On 09/03/2014 05:20 PM, Joseph S. Myers wrote: On Wed, 3 Sep 2014, Florian Weimer wrote: On 09/02/2014 11:22 PM, James Nelson wrote: This is error-prone because even though a size parameter is given, the code in the function has no requirement to enforce it. With a bounded array type

Re: Bounded array type?

2014-09-03 Thread Joseph S. Myers
On Wed, 3 Sep 2014, Florian Weimer wrote: If you declare the size as [static sz] then that means it points to an array of at least that size, but it could be larger. GCC does not seem to enforce that. This compiles without errors: [static] is about optimization (but GCC doesn't

Bounded array type?

2014-09-02 Thread James Nelson
A recurring error in C (and to a lesser extent C++) is the lack of bounds checking in arrays. One famous instance of this error was the Heartbleed incident (which could also be blamed on messy code). I propose a GCC extension of a bounded array type. A bounded array is an array type that has