On Thu Jan 18 13:19:18 2024 +0000, Rémi Bernon wrote:
Which is the point of asserting the struct size: it will be impossible to mis-allocate if it doesn't have implicit padding, and make undefined behavior impossible to happen, and that regardless how you do the allocation. Then we do such allocations very consistently using offsetof, which makes sure that any type change of the array will be handled properly.
I would argue using `offsetof` to allocate is the bad practice here. Because it needs the assert there to be correct (what if you forget?), whereas `sizeof + sizeof` is always undefined behavior free. And the assert there is bad for portability.
And there are places where there are missing asserts:
https://gitlab.winehq.org/wine/wine/-/blob/master/dlls/dmsynth/synth.c?ref_t...