On Aug 17, 2023 Kees Cook <keesc...@chromium.org> wrote:
>
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct sidtab_str_cache.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Paul Moore <p...@paul-moore.com>
> Cc: Stephen Smalley <stephen.smalley.w...@gmail.com>
> Cc: Eric Paris <epa...@parisplace.org>
> Cc: Ondrej Mosnacek <omosn...@redhat.com>
> Cc: seli...@vger.kernel.org
> Signed-off-by: Kees Cook <keesc...@chromium.org>
> ---
> security/selinux/ss/sidtab.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Merged into selinux/next, thanks.

--
paul-moore.com
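The annotation described in the commit message above, as an added userspace example that is not part of the patch or of the kernel source. `struct str_cache`, its field names, the `COUNTED_BY` macro and both helper functions are hypothetical stand-ins, and `str_cache_at()` writes out by hand the index check that instrumentation derives from the annotation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* COUNTED_BY is a hypothetical userspace macro: it expands to the attribute
 * when the compiler supports it and to nothing otherwise. */
#if defined(__has_attribute)
# if __has_attribute(counted_by)
#  define COUNTED_BY(m) __attribute__((counted_by(m)))
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(m)
#endif

/* Hypothetical stand-in struct; the field names are assumptions. */
struct str_cache {
    unsigned int len;            /* number of valid elements in str[] */
    char str[] COUNTED_BY(len);  /* flexible array member bounded by len */
};

/* Allocate an entry. The counter is assigned before str[] is first touched,
 * because checked accesses are compared against the current value of len. */
struct str_cache *str_cache_new(const char *s, unsigned int n)
{
    struct str_cache *c;

    if (n > SIZE_MAX - sizeof(*c))
        return NULL;
    c = malloc(sizeof(*c) + n);
    if (!c)
        return NULL;
    c->len = n;
    memcpy(c->str, s, n);
    return c;
}

/* Hand-written index check: 0 on success, -1 when idx is out of bounds. */
int str_cache_at(const struct str_cache *c, size_t idx, char *out)
{
    if (idx >= c->len)
        return -1;
    *out = c->str[idx];
    return 0;
}

int main(void)
{
    char ch = 0;
    struct str_cache *c = str_cache_new("system_u", 8); /* constructed input */

    if (!c)
        return 1;
    printf("in range: %d, one past the end: %d\n",
           str_cache_at(c, 7, &ch), str_cache_at(c, 8, &ch));
    free(c);
    return 0;
}
```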