On Aug 17, 2023 Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct sidtab_str_cache. > > [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci > > Cc: Paul Moore <paul@xxxxxxxxxxxxxx> > Cc: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > Cc: Eric Paris <eparis@xxxxxxxxxxxxxx> > Cc: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > Cc: selinux@xxxxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > security/selinux/ss/sidtab.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Merged into selinux/next, thanks. -- paul-moore.com