On Thu, 22 Dec 2022 02:08:42 +0100, Jeremie Courreges-Anglas wrote:
> https://github.com/jcourreges/openbsd-src/commit/4862df383ccb8a8e03d5c11b4fb739b6a3a5a7c7
>
> Sadly making the size available in the declaration doesn't seem to make
> clang any smarter (yet?). clang won't warn about passing the address of
> array[10] to a function which accesses array[15] or so.
>
> I don't care much about the direction we end up using, but specifying
> the size in the declaration isn't insane. We seldom pass a pointer to
> a buffer without an accompanying buffer length.

My objection to adding sizes to the prototype and function declaration
is that it encourages things like:

int foo(char buf[2048])
{
	...
	snprintf(buf, sizeof(buf), "See spot run, run spot run...");
}

But of course, sizeof(buf) is really sizeof(char *). The compiler
will warn when you do this so perhaps it is not such a big problem.
It still feels like a footgun to me.

- todd
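The footgun Todd describes, as an added, compilable example that is not part of the thread: the sized array parameter is adjusted to a plain `char *`, so `sizeof(buf)` inside the function is `sizeof(char *)` and the `snprintf` truncates; the explicit-length version beside it is the idiom the quoted message alludes to. `BUF_LEN`, `MSG` and the function names are this example's own choices.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 2048
#define MSG "See spot run, run spot run..."

/*
 * clang and gcc both warn here (-Wsizeof-array-argument); that is the
 * warning Todd mentions. It is silenced only so the demonstration also
 * builds under -Werror. In real code the warning is the signal to heed.
 */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsizeof-array-argument"

/* An array size in a parameter list is documentation only: the parameter
 * is adjusted to `char *`, so sizeof(buf) is sizeof(char *), never 2048. */
size_t param_sizeof(char buf[BUF_LEN])
{
	(void)buf;
	return sizeof(buf);
}

/* The snprintf from the message: the size argument is really sizeof(char *),
 * so only sizeof(char *) - 1 bytes of MSG survive, followed by the NUL. */
size_t fill_footgun(char buf[BUF_LEN])
{
	snprintf(buf, sizeof(buf), MSG);
	return strlen(buf);
}
#pragma GCC diagnostic pop

/* The usual idiom: pass the length explicitly. The caller applies sizeof to
 * the real array, where it is still an array and yields the true size. */
size_t fill_with_len(char *buf, size_t buflen)
{
	snprintf(buf, buflen, MSG);
	return strlen(buf);
}

int main(void)
{
	char buf[BUF_LEN];

	printf("sizeof as parameter: %zu (sizeof(char *) is %zu)\n",
	    param_sizeof(buf), sizeof(char *));
	printf("footgun wrote %zu bytes: \"%s\"\n", fill_footgun(buf), buf);
	printf("with length wrote %zu bytes: \"%s\"\n",
	    fill_with_len(buf, sizeof(buf)), buf);
	return 0;
}
```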