From 1a75d58325492e3c48576b1f560f22ef3d81dacb Mon Sep 17 00:00:00 2001
From: Andre Maroneze <andre.oliveiramaroneze@cea.fr>
Date: Fri, 30 Aug 2019 18:33:09 +0200
Subject: [PATCH] [Cabs2cil] fix crash due to align attribute in FAM

---
 src/kernel_internals/typing/cabs2cil.ml    | 10 +++++++++-
 tests/misc/oracle/pragma-pack.0.res.oracle | 10 ++++++++++
 tests/misc/pragma-pack.c                   |  8 ++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/kernel_internals/typing/cabs2cil.ml b/src/kernel_internals/typing/cabs2cil.ml
index a8012c9c465..b6660cac117 100644
--- a/src/kernel_internals/typing/cabs2cil.ml
+++ b/src/kernel_internals/typing/cabs2cil.ml
@@ -613,7 +613,15 @@ let process_pragmas_pack_align_field_attributes fi fattrs cattr =
            Drop existing "aligned" attributes, if there are invalid ones. *)
         if Cil.hasAttribute "packed" cattr then (dropAttribute "aligned" fattrs)
         else begin
-          let align = Integer.(min n (of_int (Cil.bytesSizeOf fi.ftype))) in
+          let sizeof_type =
+            match Cil.unrollType fi.ftype with
+            | TArray (_, None, _, _) ->
+              (* flexible array member: use size of pointer *)
+              Cil.bitsSizeOf theMachine.upointType
+            | _ ->
+              Cil.bytesSizeOf fi.ftype
+          in
+          let align = Integer.(min n (of_int sizeof_type)) in
           Kernel.feedback ~dkey:Kernel.dkey_typing_pragma ~current:true
             "adding aligned(%a) attribute to field '%s.%s' due to packing pragma"
             (Integer.pretty ~hexa:false) align fi.fcomp.cname fi.fname;
diff --git a/tests/misc/oracle/pragma-pack.0.res.oracle b/tests/misc/oracle/pragma-pack.0.res.oracle
index 4ca3caef6f2..8688b345c3b 100644
--- a/tests/misc/oracle/pragma-pack.0.res.oracle
+++ b/tests/misc/oracle/pragma-pack.0.res.oracle
@@ -167,6 +167,16 @@
   adding aligned(2) attribute to comp '__anonstruct_test7_2_14' due to packing pragma
 [kernel:typing:pragma] tests/misc/pragma-pack.c:252: 
   packing pragma: popped alignment 16
+[kernel:typing:pragma] tests/misc/pragma-pack.c:336: 
+  packing pragma: pushing alignment 16, setting alignment to 1
+[kernel:typing:pragma] tests/misc/pragma-pack.c:337: 
+  adding aligned(1) attribute to field '__anonstruct_barcode_bmp_t_18.len' due to packing pragma
+[kernel:typing:pragma] tests/misc/pragma-pack.c:337: 
+  adding aligned(1) attribute to field '__anonstruct_barcode_bmp_t_18.data' due to packing pragma
+[kernel:typing:pragma] tests/misc/pragma-pack.c:337: 
+  adding aligned(1) attribute to comp '__anonstruct_barcode_bmp_t_18' due to packing pragma
+[kernel:typing:pragma] tests/misc/pragma-pack.c:341: 
+  packing pragma: popped alignment 16
 [eva] Analyzing a complete application starting at main
 [eva] Computing initial state
 [eva] Initial state computed
diff --git a/tests/misc/pragma-pack.c b/tests/misc/pragma-pack.c
index 533115f5deb..4d81f069887 100644
--- a/tests/misc/pragma-pack.c
+++ b/tests/misc/pragma-pack.c
@@ -332,6 +332,14 @@ void tests2() {
   TEST(test8);
 }
 
+// Test resilience to crash due to align() attribute in flexible array member
+#pragma pack(push, 1)
+typedef struct {
+  int len;
+  unsigned char data[];
+} barcode_bmp_t;
+#pragma pack(pop)
+
 #ifndef __GNUC__
 // For MSVC testing on Visual C++
 int _tmain(int argc, _TCHAR* argv[]) {
-- 
GitLab