Re: [RESEND PATCH v2] params: Annotate struct module_param_attrs with __counted_by()

From: Kees Cook
Date: Tue Sep 17 2024 - 07:43:42 EST

Next message: syzbot: "[syzbot] [ppp?] possible deadlock in ppp_input"
Previous message: André Draszik: "Re: [PATCH 2/2] regulator: max20339: add Maxim MAX20339 regulator driver"
In reply to: Bill Wendling: "Re: [RESEND PATCH v2] params: Annotate struct module_param_attrs with __counted_by()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 16, 2024 at 02:45:47AM -0700, Bill Wendling wrote:
> The 4294967295 simply means "I don't know." There's probably a bug in
> the size calculation. I'll look into it.

I was able to build a minimized PoC, if that's helpful:

https://godbolt.org/z/qohGd5xh1

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct variable {
int a;
int b;
int length;
short array[] __attribute__((counted_by(length)));
};

struct bucket {
int a;
struct variable *growable;
int b;
};

int main(int argc, char *argv[])
{
struct bucket *p;
struct variable *v;

p = malloc(sizeof(*p));
v = malloc(sizeof(*p->growable) + sizeof(*p->growable->array) * 32);
v->length = 32;

printf("%zu\n", __builtin_dynamic_object_size(v->array, 1));

p->growable = v;
printf("%zu\n", __builtin_dynamic_object_size(p->growable->array, 1));

return 0;
}

GCC shows 64 64, but Clang shows 64 0.

--
Kees Cook

Next message: syzbot: "[syzbot] [ppp?] possible deadlock in ppp_input"
Previous message: André Draszik: "Re: [PATCH 2/2] regulator: max20339: add Maxim MAX20339 regulator driver"
In reply to: Bill Wendling: "Re: [RESEND PATCH v2] params: Annotate struct module_param_attrs with __counted_by()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]