Add the __counted_by compiler attribute to the flexible array member salt to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Reviewed-by: Kees Cook <kees@xxxxxxxxxx> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxxx> --- Changes in v2: - Drop using struct_size_t() as suggested by Eric Biggers and Kees Cook - Link to v1: https://lore.kernel.org/linux-kernel/20240805175237.63098-2-thorsten.blum@xxxxxxxxxx/ --- crypto/chacha20poly1305.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c index 9e4651330852..d740849f1c19 100644 --- a/crypto/chacha20poly1305.c +++ b/crypto/chacha20poly1305.c @@ -27,7 +27,7 @@ struct chachapoly_ctx { struct crypto_ahash *poly; /* key bytes we use for the ChaCha20 IV */ unsigned int saltlen; - u8 salt[]; + u8 salt[] __counted_by(saltlen); }; struct poly_req { -- 2.45.2
