mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 11:24:15 +01:00
Don't use STATIC_ASSERT_EXPR on non-GCC-compatible compilers
ARRAY_LENGTH has a portable but unsafe implementation, and a non-portable implementation that causes a compile-time error if the macro is accidentally used on a pointer. The safety check was only implemented for __GCC__-defining compilers, but the part that triggered the compile-time error was always used. It turns out that this part triggers a build warning with MSVC (at least with some versions: observed with Visual Studio 2013). ``` C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): error C2220: warning treated as error - no 'object' file generated [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj] C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): warning C4116: unnamed type definition in parentheses [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj] ``` Since a compile-time error is never triggered when the compile-time check for the argument type is not implemented, just use the unsafe macro directly when there's no safety check. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
6b362e6f01
commit
c86a16548c
@ -321,40 +321,45 @@
|
|||||||
mbedtls_exit( 1 ); \
|
mbedtls_exit( 1 ); \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** \def ARRAY_LENGTH
|
||||||
|
* Return the number of elements of a static or stack array.
|
||||||
|
*
|
||||||
|
* \param array A value of array (not pointer) type.
|
||||||
|
*
|
||||||
|
* \return The number of elements of the array.
|
||||||
|
*/
|
||||||
|
/* A correct implementation of ARRAY_LENGTH, but which silently gives
|
||||||
|
* a nonsensical result if called with a pointer rather than an array. */
|
||||||
|
#define ARRAY_LENGTH_UNSAFE( array ) \
|
||||||
|
( sizeof( array ) / sizeof( *( array ) ) )
|
||||||
|
|
||||||
#if defined(__GNUC__)
|
#if defined(__GNUC__)
|
||||||
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
|
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
|
||||||
* an array but not if it's a pointer. */
|
* an array but not if it's a pointer. */
|
||||||
#define IS_ARRAY_NOT_POINTER( arg ) \
|
#define IS_ARRAY_NOT_POINTER( arg ) \
|
||||||
( ! __builtin_types_compatible_p( __typeof__( arg ), \
|
( ! __builtin_types_compatible_p( __typeof__( arg ), \
|
||||||
__typeof__( &( arg )[0] ) ) )
|
__typeof__( &( arg )[0] ) ) )
|
||||||
#else
|
|
||||||
/* On platforms where we don't know how to implement this check,
|
|
||||||
* omit it. Oh well, a non-portable check is better than nothing. */
|
|
||||||
#define IS_ARRAY_NOT_POINTER( arg ) 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* A compile-time constant with the value 0. If `const_expr` is not a
|
/* A compile-time constant with the value 0. If `const_expr` is not a
|
||||||
* compile-time constant with a nonzero value, cause a compile-time error. */
|
* compile-time constant with a nonzero value, cause a compile-time error. */
|
||||||
#define STATIC_ASSERT_EXPR( const_expr ) \
|
#define STATIC_ASSERT_EXPR( const_expr ) \
|
||||||
( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
|
( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
|
||||||
|
|
||||||
/* Return the scalar value `value` (possibly promoted). This is a compile-time
|
/* Return the scalar value `value` (possibly promoted). This is a compile-time
|
||||||
* constant if `value` is. `condition` must be a compile-time constant.
|
* constant if `value` is. `condition` must be a compile-time constant.
|
||||||
* If `condition` is false, arrange to cause a compile-time error. */
|
* If `condition` is false, arrange to cause a compile-time error. */
|
||||||
#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
|
#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
|
||||||
( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
|
( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
|
||||||
|
|
||||||
#define ARRAY_LENGTH_UNSAFE( array ) \
|
|
||||||
( sizeof( array ) / sizeof( *( array ) ) )
|
|
||||||
/** Return the number of elements of a static or stack array.
|
|
||||||
*
|
|
||||||
* \param array A value of array (not pointer) type.
|
|
||||||
*
|
|
||||||
* \return The number of elements of the array.
|
|
||||||
*/
|
|
||||||
#define ARRAY_LENGTH( array ) \
|
#define ARRAY_LENGTH( array ) \
|
||||||
( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
|
( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
|
||||||
ARRAY_LENGTH_UNSAFE( array ) ) )
|
ARRAY_LENGTH_UNSAFE( array ) ) )
|
||||||
|
|
||||||
|
#else
|
||||||
|
/* If we aren't sure the compiler supports our non-standard tricks,
|
||||||
|
* fall back to the unsafe implementation. */
|
||||||
|
#define ARRAY_LENGTH( array ) ARRAY_LENGTH_UNSAFE( array )
|
||||||
|
#endif
|
||||||
|
|
||||||
/** Return the smaller of two values.
|
/** Return the smaller of two values.
|
||||||
*
|
*
|
||||||
* \param x An integer-valued expression without side effects.
|
* \param x An integer-valued expression without side effects.
|
||||||
|
Loading…
Reference in New Issue
Block a user