dbus-mempool: Use flexible or zero-length arrays if possible

If the elements field has a fixed nonzero size, accessing elements
beyond that size is technically undefined behaviour, which is caught
by some options of the undefined behaviour sanitizer. Try to use a C99
flexible array, or failing that, a zero-length array (which is a popular
non-standard syntax to achieve the same thing).

dbus 1.15.x has C99 as a requirement, but this commit avoids assuming
C99 in order to make this change backportable to 1.14.x if it becomes
necessary to do so (for example to be able to run tests or fuzzers
against 1.14.x, or if compilers' defaults become more strict).

Signed-off-by: Simon McVittie <smcv@collabora.com>

diff --git a/dbus/dbus-mempool.c b/dbus/dbus-mempool.c
index 737cf201e5e4e45d71baba0b42032b92db21f30f..62bfc0352c9a9ad030762c05f9c54658a11de7a1 100644 (file)
--- a/dbus/dbus-mempool.c
+++ b/dbus/dbus-mempool.c
@@ -65,11 +65,21 @@ struct DBusFreedElement
   DBusFreedElement *next; /**< next element of the free list */
 };
 
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
+#define HAVE_FLEXIBLE_ARRAYS
+#elif defined(__GNUC__) || defined(_MSC_VER)
+#define HAVE_ZERO_LENGTH_ARRAYS
+#endif
+
 /**
  * The dummy size of the variable-length "elements"
  * field in DBusMemBlock
  */
+#if defined(HAVE_FLEXIBLE_ARRAYS) || defined(HAVE_ZERO_LENGTH_ARRAYS)
+#define ELEMENT_PADDING 0
+#else
 #define ELEMENT_PADDING 4
+#endif
 
 /**
  * Typedef for DBusMemBlock so the struct can recursively
@@ -91,7 +101,11 @@ struct DBusMemBlock
   /* this is a long so that "elements" is aligned */
   long used_so_far;     /**< bytes of this block already allocated as elements. */
   
-  unsigned char elements[ELEMENT_PADDING]; /**< the block data, actually allocated to required size */
+#ifdef HAVE_FLEXIBLE_ARRAYS
+  unsigned char elements[];                /**< the block data, actually allocated to required size */
+#else
+  unsigned char elements[ELEMENT_PADDING];
+#endif
 };
 
 /**