What's the correct way to fix stack protector: variable length buffer warning?

Question

I have a series of about 30 functions which use local arrays as such:

void foo() {
  const int array_size = 32;
  char my_array[array_size];

  // .. do stuff
  // (array_size is used multiple times)
}

The code (when compiling with -Wstack-protector) will produce the following warning message:

warning: stack protector not protecting local variables: variable length buffer

So I have two questions:

First, why is my_array considered variable length? Yea, I know why technically, but shouldn't the compiler be smart enough to realize that it isn't really variable length?

Second, what is the most appropriate way to fix this warning? I know I can fix it by doing something like:

void foo() {
  char my_array[32];
  const int array_size = sizeof(my_array) / sizeof(my_array[0]);

  // .. do stuff
  // (array_size is used multiple times)
}

but is there a better, more "correct" way?

Is this C or C++? In C89, I get the variable length buffer warning, but not in C99/11 or C++03/11/14 (with clang). — Cornstalks, Aug 26 '14 at 21:28
See http://stackoverflow.com/questions/1674032/static-const-vs-define-in-c — Jon, Aug 26 '14 at 21:30
Yes, for this current build I'm trying it's C89 (Explains why I'm only seeing them now) — amurka, Aug 26 '14 at 21:35
Must be missing something. I tried clang and gcc -c89 -Wall -Wstack-protector and the above had no warnings. I'm on gcc 4.2.1. Maybe this was fixed. Anyway, you tried static const size_t for the array size? size_t is better than int too. — Goblinhack, Aug 26 '14 at 22:00
Can't reproduce in clang-503.0.40, with either `--std=c89`, `--std=c99`, or no standard specified. — nobody, Aug 26 '14 at 22:17
`char my_array[array_size];` is illegal in C89. (gcc implements it as an extension) — M.M, Aug 27 '14 at 00:01
So maybe I'm not using C89 then??? Or is that why I'm getting the warning? — amurka, Aug 27 '14 at 01:20

score 3 · Answer 1 · answered Aug 26 '14 at 22:24

3

const int array_size = 32;

Does NOT make array_size a constant. It merely means that it cannot be used for assignment as an lvalue. (it's value can be changed otherwise). Therefore it is not allowed as a constant literal in:

char my_array[array_size];

You can either:

#DEFINE array_size  32

or

enum { array_size = 32 };

answered Aug 26 '14 at 22:24

David C. Rankin

81,885
6
58
85

2

No, its value cannot be changed otherwise. Whether it is "a constant" depends on your definition of that term. It is `const`, it is not writable, it is not an *integer constant expression*. – M.M Aug 27 '14 at 00:02

Cléber Oliveira · Answer 2 · 2019-01-18T00:51:49.200

-1

You probably should allocate dynamically your array as:

void foo() {
  const int array_size = 32;
  char *my_array;
  my_array = malloc((array_size)*sizeof(char));
  // .. do stuff
  // (array_size is used multiple times)

  free(my_array);
}

edited Jan 18 '19 at 00:51

answered Jan 16 '19 at 15:04

Cléber Oliveira

119
1
1
8

1

The question is C, not C++. – dbush Jan 16 '19 at 15:07
sorry, thought was c++ – Cléber Oliveira Jan 18 '19 at 00:52

What's the correct way to fix stack protector: variable length buffer warning?

2 Answers2