Flexible array members are not standard C++ #9020

Closed
gilles-peskine-arm opened this issue Apr 9, 2024 · 0 comments · Fixed by #9446
Labels
bug component-crypto Crypto primitives and low-level interfaces size-s Estimated task size: small (~2d)

Comments

@gilles-peskine-arm
Contributor

Since Mbed TLS 3.6.0, one of the types declared in an Mbed TLS header is a struct with a flexible array member: typedef struct psa_key_production_parameters_s psa_key_production_parameters_t.

```c
struct psa_key_production_parameters_s {
    /* Future versions may add other fields in this structure. */
    uint32_t flags;
    uint8_t data[];
};
```

This is standard C99, but not standard C++ (any version), although many compilers accept it.

```console
3.6.0 % echo '#include <psa/crypto.h>' | g++ -c -I include -std=c++2a -x c++ -
3.6.0 % echo '#include <psa/crypto.h>' | g++ -c -I include -std=c++2a -pedantic -x c++ -
In file included from include/psa/crypto.h:4828,
                 from <stdin>:1:
include/psa/crypto_struct.h:229:13: warning: ISO C++ forbids flexible array member ‘data’ [-Wpedantic]
  229 |     uint8_t data[];
      |             ^~~~
3.6.0 % echo '#include <psa/crypto.h>' | clang++ -c -I include -std=c++2a -x c++ -
3.6.0 % echo '#include <psa/crypto.h>' | clang++ -c -I include -std=c++2a -pedantic -x c++ -
In file included from <stdin>:1:
In file included from include/psa/crypto.h:4828:
include/psa/crypto_struct.h:229:13: warning: flexible array members are a C99 feature [-Wc99-extensions]
    uint8_t data[];
            ^
1 warning generated.
```

First reported here.

Importance:

  • Although we only advertise Mbed TLS as a C library, it is generally accepted that the headers of a C library can be consumed by a C++ compiler, and we do have a test that checks that C++ builds work (currently using GCC in non-pedantic mode, but that's originally not by design, just because we didn't think of adding -pedantic; currently partly by design because of other non-strict-C++-compliance that we'd also like to fix).
  • This evidently impacts many users, given that it was one of the first things reported after the 3.6 release.
  • Many projects like to invoke their compiler in pedantic mode. Disabling pedantic for the sake of the Mbed TLS headers would also potentially hide other desired errors.
  • Most C++ compilers do include a C99 compiler and are capable of mixing C99 and C++ features. However this is not the case for all of them. On Godbolt, I could only find one compiler that doesn't accept a flexible array member with its default command line: EDG C++, which claims C++17 and C90 but not C99 support.

Goal of this issue: find a solution so that at least users who don't call psa_generate_key_ext, and so don't actually need struct psa_key_production_parameters_s, can compile their C++ application with a strict C++ compiler that doesn't support flexible array members. This must be done without an API change for users who are building with a C99 compiler.

Validation: g++ -std=c++17 -pedantic and clang++ -std=c++17 -pedantic, ideally on the CI, but at least manually if we haven't fixed #7087.

@gilles-peskine-arm gilles-peskine-arm added bug component-crypto Crypto primitives and low-level interfaces size-s Estimated task size: small (~2d) labels Apr 9, 2024
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Jun 6, 2024
The reason these functions are deprecated is that they cause strict C++
compilers to error out, since they use a struct type with a flexible array
member and that is not standard C++.

Resolves Mbed-TLS#9020.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Jun 6, 2024
Document psa_generate_key_ext() and psa_key_derivation_output_key_ext() as
deprecated in favor of psa_generate_key_custom() and
psa_key_derivation_output_key_custom(), and no longer declared in C++ builds.

Resolves Mbed-TLS#9020.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Jun 6, 2024
In public headers, we want to avoid things that are not standard C++,
including features that GCC and Clang support as extensions, such as
flexible array members. So compile with `-pedantic`.

Non-regression for Mbed-TLS#9020.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
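
The header pattern the commit messages above describe, sketched as an added example that is not Mbed TLS code: the struct with the flexible array member and the function taking it are declared only for C, while the replacement takes a fixed-size struct plus a separate pointer and length. All `demo_*` names are hypothetical, and the "key generation" body is a stand-in checksum.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout (demo_*); the "generation" is a stand-in. */

/* Fixed-size parameters: valid C99 and valid in every C++ standard. */
typedef struct { uint32_t flags; } demo_custom_params_t;

/* Replacement entry point: variable-length data travels as pointer + length. */
int demo_generate_custom(const demo_custom_params_t *params,
                         const uint8_t *data, size_t data_length,
                         uint32_t *out)
{
    if (params == NULL || out == NULL || (data == NULL && data_length != 0))
        return -1;
    uint32_t acc = params->flags;
    for (size_t i = 0; i < data_length; i++)
        acc = acc * 31u + data[i];      /* stand-in for the real work */
    *out = acc;
    return 0;
}

#if !defined(__cplusplus)
/* Legacy shape with a flexible array member: C99 only, so hidden from C++. */
typedef struct { uint32_t flags; uint8_t data[]; } demo_legacy_params_t;

/* Allocate header + payload, rejecting lengths whose size sum would wrap. */
demo_legacy_params_t *demo_legacy_new(uint32_t flags,
                                      const uint8_t *data, size_t len)
{
    if (len > SIZE_MAX - sizeof(demo_legacy_params_t))
        return NULL;
    demo_legacy_params_t *p = malloc(sizeof(*p) + len);
    if (p == NULL)
        return NULL;
    p->flags = flags;
    if (len != 0)
        memcpy(p->data, data, len);
    return p;
}

/* Legacy entry point kept for C callers; it only forwards to the new one. */
int demo_generate_ext(const demo_legacy_params_t *params,
                      size_t data_length, uint32_t *out)
{
    if (params == NULL)
        return -1;
    demo_custom_params_t custom = { params->flags };
    return demo_generate_custom(&custom, params->data, data_length, out);
}
#endif
```

Compiled as C++ with `-pedantic`, only the fixed-size struct and `demo_generate_custom` are visible, so the flexible-array diagnostic shown in the issue has nothing to fire on.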
Projects
Archived in project
Status: 3.6.1 patch release