On Thu, May 01, 2025 at 07:58:53PM +0200, Jan Hendrik Farr wrote:
> So let's say you have a simple struct like so:
> 
> struct foo{
>       int val_len;
>       char val[] __counted_by(val_len);
> };
> 
> If val_len is 10 then foo->val[10] will be considered out of bounds.
> Even if you did a malloc for enough space.

Correct. The "counted_by" attribute takes precedence over the "alloc_size"
attribute (which is also generally limited only to the function-scope
where the allocation takes place).

-- 
Kees Cook
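
The precedence described in this reply, as an added example that is not part of the original thread or of any project's code: a portable model of the rule that the bound is `val_len`, not the allocation size. The helpers `foo_alloc` and `foo_set`, the local `__counted_by` fallback macro, and the sizes 16 and 10 are assumptions made for the illustration.

```c
#include <stdlib.h>

/* Local stand-in for __counted_by(): use the real attribute when the
 * compiler has it, otherwise expand to nothing. */
#if !defined(__counted_by) && defined(__has_attribute)
# if __has_attribute(counted_by)
#  define __counted_by(m) __attribute__((counted_by(m)))
# endif
#endif
#ifndef __counted_by
# define __counted_by(m)
#endif

struct foo {
    int val_len;
    char val[] __counted_by(val_len);
};

/* Hypothetical helper: room for `capacity` chars, `len` of them declared valid. */
struct foo *foo_alloc(int capacity, int len)
{
    struct foo *f;

    if (len < 0 || len > capacity)
        return NULL;
    f = calloc(1, sizeof(*f) + (size_t)capacity);
    if (f)
        f->val_len = len; /* set the counter before touching val[] */
    return f;
}

/* Hypothetical checked store modelling the rule: the bound is val_len, not
 * the allocation size; a negative count leaves no valid index.
 * Returns 0 when in bounds, -1 otherwise. */
int foo_set(struct foo *f, long idx, char c)
{
    long bound = f->val_len > 0 ? f->val_len : 0;

    if (idx < 0 || idx >= bound)
        return -1;
    f->val[idx] = c;
    return 0;
}

int main(void)
{
    struct foo *f = foo_alloc(16, 10);    /* constructed sizes */
    int rc = f ? foo_set(f, 10, 'x') : 0; /* -1: index 10 is past val_len */

    free(f);
    return rc == -1 ? 0 : 1;
}
```

To make `val[10]` usable, the code has to raise `val_len` to at least 11 first, while the allocation still covers it.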
