by kazinator 1117 days ago
The expansion of the AT macro seems a bit bloated:

  #define AT(NAME, IDX)                                         \
    ((typeof(&(*NAME)[0]))                                      \
    ((ASSERT(((size_t)IDX) * sizeof(*NAME)[0] < sizeof *NAME,   \
    "Buffer Overflow. Index [%lu] is out of range [0-%lu]",     \
    ((size_t)IDX), ((sizeof *NAME / sizeof(*NAME)[0]) - 1))),   \
    ((uchar *)*NAME) + ((size_t)IDX) * sizeof(*NAME)[0]))

Some of this might be pushed into a non-inlined run-time support function. That could be static and defined in the header, to keep it header-only, but ideally there would be a .c file so it's defined only once.

When you factor in the definition of ASSERT, and the ERRLOG macro that it is using, it's a lot of cruft for just one array access.

Some compile-time options (via preprocessor macros) to control the bloat would be useful; e.g. a way of compiling it so that AT will just predictably crash, without a detailed error message with __FILE__ and __LINE__ and all. Basically just the check, with a branch to some code that calls abort() if it's out of bounds.
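
A sketch of the leaner AT asked for in the comment above, added here as an example and not part of the original post or of the library it discusses: the failure path sits in one non-inlined function, and building with -DBC_TERSE reduces it to a bare abort(). Every identifier in it (AT_LEAN, bc_fail, bc_index, bc_in_bounds, sample_read, BC_TERSE, BC_COLD, BC_WHERE) is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
/* All names below are hypothetical, made up for this sketch. */
#if defined(__GNUC__)
#define BC_COLD __attribute__((noinline, cold, noreturn))
#else
#define BC_COLD
#endif
/* Failure path: one out-of-line copy instead of a message expanded at
   every access. Build with -DBC_TERSE to drop the message entirely. */
BC_COLD static void bc_fail(const char *file, int line, size_t idx, size_t count)
{
#ifdef BC_TERSE
    (void)file; (void)line; (void)idx; (void)count;
#else
    fprintf(stderr, "%s:%d: index [%zu] is out of range [0-%zu]\n",
            file, line, idx, count - 1);
#endif
    abort();
}

/* Compares element counts; a negative index becomes a huge size_t and fails. */
static inline int bc_in_bounds(size_t idx, size_t count) { return idx < count; }
static inline size_t bc_index(size_t idx, size_t count, const char *file, int line)
{
    if (!bc_in_bounds(idx, count))
        bc_fail(file, line, idx, count);
    return idx;
}

#ifdef BC_TERSE
#define BC_WHERE NULL, 0
#else
#define BC_WHERE __FILE__, __LINE__
#endif

/* NAME is a pointer to an array, as with the AT macro quoted above. */
#define AT_LEAN(NAME, IDX) \
    (&(*(NAME))[bc_index((size_t)(IDX), sizeof *(NAME) / sizeof (*(NAME))[0], BC_WHERE)])

static int sample_read(size_t i)
{
    static int a[4] = {10, 20, 30, 40}; /* constructed sample data */
    int (*p)[4] = &a;
    return *AT_LEAN(p, i); /* i >= 4 would reach bc_fail() and abort */
}

int main(void) { printf("%d\n", sample_read(2)); return 0; }
```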

1 comment

Benchmark it after -O3, does it really matter?