Cook: Bounded flexible arrays in C

Post Syndicated from corbet original

Kees Cook has posted a
detailed document
describing the work to improve safety of
flexible-length arrays
in the kernel.

Converting such codebases to use “modern” language features, like
those in C99 (still from the prior millennium), can be a major
challenge, but it is an entirely tractable problem. This post is a
deep dive into an effort underway in the Linux kernel to make array
index overflows (and more generally, buffer overflows) a thing of
the past, where they belong. Our success hinges on replacing
anachronistic array definitions with well-defined C99 flexible

This work has been covered here as well.