Post Syndicated from original https://lwn.net/Articles/921799/

Kees Cook has posted a
detailed document describing the work to improve safety of
flexible-length arrays
in the kernel.

Converting such codebases to use “modern” language features, like
those in C99 (still from the prior millennium), can be a major
challenge, but it is an entirely tractable problem. This post is a
deep dive into an effort underway in the Linux kernel to make array
index overflows (and more generally, buffer overflows) a thing of
the past, where they belong. Our success hinges on replacing
anachronistic array definitions with well-defined C99 flexible
arrays.

This work has been covered here as well.