[clang] [Clang] Implement the 'counted_by' attribute (PR #76348)

Kees Cook via cfe-commits cfe-commits at lists.llvm.org
Tue Jan 9 12:55:01 PST 2024


kees wrote:

> > but the value is nonsense, so we must return 0 so that anything checking lengths will not write anything to the array.
> 
> @kees Oh, I see. I did not know such a convention but it makes sense. Is it documented somewhere?

This is new territory (having a multiplier for finding size that may be negative), so there's nothing to document it beyond FORTIFY users needing to maintain safe checks. The only safe size to return for "impossible size" is 0 in this case, otherwise a confused state (negative `count`) can lead to FORTIFY bypasses.

https://github.com/llvm/llvm-project/pull/76348
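
The rule described in this message, as an added example that is not part of the original post and is not Clang's implementation: a hand-written model of a FORTIFY-style length check, comparing a bound that returns 0 for a negative count with one that converts the negative count straight to `size_t`. The struct and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical struct: 'count' plays the role of the signed field that a
 * counted_by attribute would name for the flexible array 'items'. */
struct packet {
    int count;
    int items[];
};

/* Bound as described in the message: an impossible (negative) count gives 0. */
static size_t fam_bound_safe(int count, size_t elem_size)
{
    return count < 0 ? 0 : (size_t)count * elem_size;
}

/* For contrast: the negative count wraps to a huge unsigned size. */
static size_t fam_bound_naive(int count, size_t elem_size)
{
    return (size_t)count * elem_size;
}

/* FORTIFY-style check: copy only when n fits the reported bound.
 * Returns 1 if the copy happened, 0 if it was refused. */
static int checked_copy(void *dst, size_t bound, const void *src, size_t n)
{
    if (n > bound)
        return 0;
    memcpy(dst, src, n);
    return 1;
}

/* Constructed scenario: room for 4 items, but count is in a confused state (-1). */
static int demo_corrupted_count(int use_safe_bound)
{
    int src[4] = {1, 2, 3, 4};
    struct packet *p = calloc(1, sizeof(*p) + sizeof(src));
    if (!p)
        return -1;
    p->count = -1;
    size_t bound = use_safe_bound ? fam_bound_safe(p->count, sizeof(int))
                                  : fam_bound_naive(p->count, sizeof(int));
    int copied = checked_copy(p->items, bound, src, sizeof(src));
    free(p);
    return copied;
}

int main(void)
{
    printf("safe bound: copied=%d\n", demo_corrupted_count(1));
    printf("naive bound: copied=%d\n", demo_corrupted_count(0));
    return 0;
}
```

With the naive bound the length check passes for any realistic write size, so it no longer constrains the copy; with the 0 bound every write is refused.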