Hi, On Wed, May 01, 2024 at 07:01:22PM +0200, Erick Archer wrote: > Prepare for the coming implementation by GCC and Clang of the > __counted_by attribute. Flexible array members annotated with > __counted_by can have their accesses bounds-checked at run-time via > CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE > (for strcpy/memcpy-family functions). > > Suggested-by: Kees Cook <keescook@xxxxxxxxxxxx> > Signed-off-by: Erick Archer <erick.archer@xxxxxxxxxxx> > --- > include/uapi/linux/sctp.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h > index b7d91d4cf0db..836173e73401 100644 > --- a/include/uapi/linux/sctp.h > +++ b/include/uapi/linux/sctp.h > @@ -1007,7 +1007,7 @@ enum sctp_sstat_state { > */ > struct sctp_assoc_ids { > __u32 gaids_number_of_ids; > - sctp_assoc_t gaids_assoc_id[]; > + sctp_assoc_t gaids_assoc_id[] __counted_by(gaids_number_of_ids); Crucially, gaids_number_of_ids is assigned before any accesses to gaids_assoc_id[] are made. | ids->gaids_number_of_ids = num; | num = 0; | list_for_each_entry(asoc, &(sp->ep->asocs), asocs) { | ids->gaids_assoc_id[num++] = asoc->assoc_id; | } So this looks good to me. Reviewed-by: Justin Stitt <justinstitt@xxxxxxxxxx> > }; > > /* > -- > 2.25.1 > Thanks Justin