On Thu, 22 Dec 2022 02:08:42 +0100, Jeremie Courreges-Anglas wrote:
> https://github.com/jcourreges/openbsd-src/commit/4862df383ccb8a8e03d5c11b4fb739b6a3a5a7c7
>
> Sadly making the size available in the declaration doesn't seem to make
> clang any smarter (yet?). clang won't warn about passing the address of
> array[10] to a function which accesses array[15] or so.
>
> I don't care much about the direction we end up using, but specifying
> the size in the declaration isn't insane. We seldom pass a pointer to
> a buffer without an accompanying buffer length.
My objection to adding sizes to the prototype and function declaration
is that it encourages things like:

    int
    foo(char buf[2048])
    {
        ...
        snprintf(buf, sizeof(buf), "See spot run, run spot run...");
    }

But of course, sizeof(buf) is really sizeof(char *). The compiler will
warn when you do this so perhaps it is not such a big problem. It still
feels like a footgun to me.

 - todd
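A constructed C illustration of the footgun in this thread, placed beside the explicit-length convention Jeremie mentions and a pointer-to-array variant where sizeof does give the real size. This is an added example, not code from the thread or from OpenBSD; the function names and the 2048-byte buffer are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* The footgun Todd describes: an array-typed parameter is adjusted to a
 * pointer, so sizeof(buf) is sizeof(char *), not 2048. Compilers warn
 * (clang/gcc: -Wsizeof-array-argument) but the code still compiles. */
size_t footgun_size(char buf[2048])
{
    (void)buf;
    return sizeof(buf);          /* sizeof(char *), e.g. 8 on LP64 */
}

/* Formats into buf with the bogus length; returns bytes written (no NUL).
 * On LP64 only 7 characters survive: "See spo". */
size_t footgun_fill(char buf[2048])
{
    snprintf(buf, sizeof(buf), "See spot run, run spot run...");
    return strlen(buf);
}

/* Fix 1: pass the buffer length alongside the pointer, as the thread
 * notes is the usual convention. */
size_t fill_with_len(char *buf, size_t buflen)
{
    snprintf(buf, buflen, "See spot run, run spot run...");
    return strlen(buf);
}

/* Fix 2: take a pointer to the whole array; sizeof *buf is then 2048 and
 * the compiler rejects callers that pass an array of a different size. */
size_t fill_array_ptr(char (*buf)[2048])
{
    snprintf(*buf, sizeof *buf, "See spot run, run spot run...");
    return strlen(*buf);
}

/* Wrappers with a local 2048-byte buffer so each result can be checked. */
size_t demo_footgun(void) { char b[2048]; return footgun_fill(b); }
size_t demo_len(void)     { char b[2048]; return fill_with_len(b, sizeof b); }
size_t demo_array(void)   { char b[2048]; return fill_array_ptr(&b); }
```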