* [PATCH] ntfs: Replace struct ntfs_name 0-sized array with flexible array
@ 2024-02-16 23:29 Kees Cook
0 siblings, 0 replies; only message in thread
From: Kees Cook @ 2024-02-16 23:29 UTC (permalink / raw)
To: Anton Altaparmakov
Cc: Kees Cook, Namjae Jeon, Gustavo A. R. Silva, linux-ntfs-dev,
linux-hardening, linux-kernel
ntfs_name::name is used as a destination in memcpy(), so it cannot be a
0-sized array any more. Convert it to a flexible array and annotated
with __counted_by, which matches the allocations.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: linux-ntfs-dev@lists.sourceforge.net
Cc: linux-hardening@vger.kernel.org
---
fs/ntfs/dir.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ntfs/dir.h b/fs/ntfs/dir.h
index 0e326753df40..cafcd339094c 100644
--- a/fs/ntfs/dir.h
+++ b/fs/ntfs/dir.h
@@ -22,7 +22,7 @@ typedef struct {
MFT_REF mref;
FILE_NAME_TYPE_FLAGS type;
u8 len;
- ntfschar name[0];
+ ntfschar name[] __counted_by(len);
} __attribute__ ((__packed__)) ntfs_name;
/* The little endian Unicode string $I30 as a global constant. */
--
2.34.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2024-02-16 23:29 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-16 23:29 [PATCH] ntfs: Replace struct ntfs_name 0-sized array with flexible array Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox