Add a safety check to ARRAY_LENGTH

Cause a compilation error on ARRAY_LENGTH(p) where p is a pointer as opposed to an array. This only works under GCC and compatible compilers such as Clang. On other compilers, ARRAY_LENGTH works but doesn't check the type of its argument.
2024-11-23 03:55:44 +01:00 · 2018-12-17 23:18:00 +01:00 · 2018-12-17 23:18:00 +01:00 · f055ad7512
commit f055ad7512
parent 3d2f949c86
1 changed files with 34 additions and 2 deletions
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@ -150,9 +150,41 @@ typedef struct data_tag
    mbedtls_exit( 1 );                                             \
 }

-/** Return the number of elements of a static or stack array. */
-#define ARRAY_LENGTH( array )                   \
+#if defined(__GNUC__)
+/* Test if arg and &(arg)[0] have the same type. This is true if arg is
+ * an array but not if it's a pointer. */
+#define IS_ARRAY_NOT_POINTER( arg )                                     \
+    ( ! __builtin_types_compatible_p( __typeof__( arg ),                \
+                                      __typeof__( &( arg )[0] ) ) )
+#else
+/* On platforms where we don't know how to implement this check,
+ * omit it. Oh well, a non-portable check is better than nothing. */
+#define IS_ARRAY_NOT_POINTER( arg ) 1
+#endif
+
+/* A compile-time constant with the value 0. If `const_expr` is not a
+ * compile-time constant with a nonzero value, cause a compile-time error. */
+#define STATIC_ASSERT_EXPR( const_expr )                                \
+    ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
+/* Return the scalar value `value` (possibly promoted). This is a compile-time
+ * constant if `value` is. `condition` must be a compile-time constant.
+ * If `condition` is false, arrange to cause a compile-time error. */
+#define STATIC_ASSERT_THEN_RETURN( condition, value )   \
+    ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
+
+#define ARRAY_LENGTH_UNSAFE( array )            \
    ( sizeof( array ) / sizeof( *( array ) ) )
+/** Return the number of elements of a static or stack array.
+ *
+ * \param array         A value of array (not pointer) type.
+ *
+ * \return The number of elements of the array.
+ */
+#define ARRAY_LENGTH( array )                                           \
+    ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ),         \
+                                 ARRAY_LENGTH_UNSAFE( array ) ) )
+
+
 /*
 * 32-bit integer manipulation macros (big endian)
 */