Add a safety check to ARRAY_LENGTH

Cause a compilation error on ARRAY_LENGTH(p) where p is a pointer as opposed to an array. This only works under GCC and compatible compilers such as Clang. On other compilers, ARRAY_LENGTH works but doesn't check the type of its argument.
2025-06-16 08:00:16 +00:00 · 2018-12-17 23:18:00 +01:00 · 2018-12-17 23:18:00 +01:00 · f055ad7512
parent 3d2f949c86
commit f055ad7512
1 changed files with 34 additions and 2 deletions
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@ -150,9 +150,41 @@ typedef struct data_tag
    mbedtls_exit( 1 );                                             \
 }
-/** Return the number of elements of a static or stack array. */
+#if defined(__GNUC__)
-#define ARRAY_LENGTH( array )                   \
+/* Test if arg and &(arg)[0] have the same type. This is true if arg is
 * an array but not if it's a pointer. */
 #define IS_ARRAY_NOT_POINTER( arg )                                     \
    ( ! __builtin_types_compatible_p( __typeof__( arg ),                \
                                      __typeof__( &( arg )[0] ) ) )
 #else
 /* On platforms where we don't know how to implement this check,
 * omit it. Oh well, a non-portable check is better than nothing. */
 #define IS_ARRAY_NOT_POINTER( arg ) 1
 #endif
 /* A compile-time constant with the value 0. If `const_expr` is not a
 * compile-time constant with a nonzero value, cause a compile-time error. */
 #define STATIC_ASSERT_EXPR( const_expr )                                \
    ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
 /* Return the scalar value `value` (possibly promoted). This is a compile-time
 * constant if `value` is. `condition` must be a compile-time constant.
 * If `condition` is false, arrange to cause a compile-time error. */
 #define STATIC_ASSERT_THEN_RETURN( condition, value )   \
    ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
 #define ARRAY_LENGTH_UNSAFE( array )            \
    ( sizeof( array ) / sizeof( *( array ) ) )
 /** Return the number of elements of a static or stack array.
 *
 * \param array         A value of array (not pointer) type.
 *
 * \return The number of elements of the array.
 */
 #define ARRAY_LENGTH( array )                                           \
    ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ),         \
                                 ARRAY_LENGTH_UNSAFE( array ) ) )
 /*
 * 32-bit integer manipulation macros (big endian)
 */