authorSimon McVittie <smcv@collabora.com>2022-09-14 16:23:23 +0100
committerSimon McVittie <smcv@collabora.com>2022-09-15 15:26:58 +0100
commit374087124ce3828cfb76cd23c5ef7ff549328b60 (patch)
tree8f2ab01fb9605604f0073e6c64e61c8b3e8dcf10 /dbus
parent2ea6bdcab895d58f8de947134a4434d13cb32431 (diff)
dbus-mempool: Use flexible or zero-length arrays if possible
If the elements field has a fixed nonzero size, accessing elements beyond that size is technically undefined behaviour, which is caught by some options of the undefined behaviour sanitizer. Try to use a C99 flexible array, or failing that, a zero-length array (which is a popular non-standard syntax to achieve the same thing). dbus 1.15.x has C99 as a requirement, but this commit avoids assuming C99 in order to make this change backportable to 1.14.x if it becomes necessary to do so (for example to be able to run tests or fuzzers against 1.14.x, or if compilers' defaults become more strict). Signed-off-by: Simon McVittie <smcv@collabora.com>
Diffstat (limited to 'dbus')
-rw-r--r--dbus/dbus-mempool.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/dbus/dbus-mempool.c b/dbus/dbus-mempool.c
index 737cf201..62bfc035 100644
--- a/dbus/dbus-mempool.c
+++ b/dbus/dbus-mempool.c
@@ -65,11 +65,21 @@ struct DBusFreedElement
DBusFreedElement *next; /**< next element of the free list */
};
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
+#define HAVE_FLEXIBLE_ARRAYS
+#elif defined(__GNUC__) || defined(_MSC_VER)
+#define HAVE_ZERO_LENGTH_ARRAYS
+#endif
+
/**
* The dummy size of the variable-length "elements"
* field in DBusMemBlock
*/
+#if defined(HAVE_FLEXIBLE_ARRAYS) || defined(HAVE_ZERO_LENGTH_ARRAYS)
+#define ELEMENT_PADDING 0
+#else
#define ELEMENT_PADDING 4
+#endif
/**
* Typedef for DBusMemBlock so the struct can recursively
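Review bot: The feature macros added at the top of this hunk, `HAVE_FLEXIBLE_ARRAYS` and `HAVE_ZERO_LENGTH_ARRAYS`, use the `HAVE_` prefix that build-system-generated configuration headers conventionally own, so a later configure-time check with the same name could redefine or contradict them in this file; a file-local prefix would avoid that. They also carry no comment, and one line above the `#if` such as `/* Trailing-array syntax: C99 flexible array, else GNU/MSVC zero-length extension, else a 4-byte dummy */` would record why there are three cases. In the third case `ELEMENT_PADDING` stays 4, so on such a compiler indexing past `elements[3]` is still the undefined behaviour the commit message describes, which is worth stating in the existing `ELEMENT_PADDING` doc comment.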
@@ -91,7 +101,11 @@ struct DBusMemBlock
/* this is a long so that "elements" is aligned */
long used_so_far; /**< bytes of this block already allocated as elements. */
- unsigned char elements[ELEMENT_PADDING]; /**< the block data, actually allocated to required size */
+#ifdef HAVE_FLEXIBLE_ARRAYS
+ unsigned char elements[]; /**< the block data, actually allocated to required size */
+#else
+ unsigned char elements[ELEMENT_PADDING];
+#endif
};
/**
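Review bot: In the `#else` branch the `elements` declaration loses its Doxygen comment, so the field is undocumented whenever that branch is the one being processed; keep it on both, i.e. `unsigned char elements[ELEMENT_PADDING]; /**< the block data, actually allocated to required size */`. Separately, the declared length of `elements` now differs by compiler, and the code that sizes each block allocation is outside this hunk. If that code derives the size from `sizeof (DBusMemBlock)` and `ELEMENT_PADDING`, it should be re-checked against the new values; computing it from `offsetof (DBusMemBlock, elements)` plus the payload size would make the allocator's bounds independent of which branch is taken. The struct definition begins before this hunk.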