ecryptfs: Annotate struct ecryptfs_message with __counted_by

toblux · kees · commit cc34c669abe0 · 2026-01-14T14:43:19.000-08:00
Add the __counted_by() compiler attribute to the flexible array member 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Acked-by: Tyler Hicks <code@tyhicks.com> Link: https://patch.msgid.link/20260112115314.739612-2-thorsten.blum@linux.dev Signed-off-by: Kees Cook <kees@kernel.org>
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
@@ -359,7 +359,7 @@ struct ecryptfs_message {
 	/* Inherits from msg_ctx->index */
 	u32 index;
 	u32 data_len;
-	u8 data[];
+	u8 data[] __counted_by(data_len);
 };
 
 struct ecryptfs_msg_ctx {
