[PATCH 02/32] Introduce flexible array struct memcpy() helpers
Kees Cook
keescook at chromium.org
Thu May 5 19:32:18 UTC 2022

On Thu, May 05, 2022 at 08:16:11AM -0700, Keith Packard wrote:
> Johannes Berg <johannes at sipsolutions.net> writes:
>
> > Yeah, dunno, I guess I'm slightly more on the side of not requiring it,
> > since we don't do the same for kmalloc() etc. and probably really
> > wouldn't want to add kmalloc_s() that does it ;-)
>
> I suspect the number of bugs this catches will be small, but they'll be
> in places where the flow of control is complicated. What we want is to
> know that there's no "real" value already present. I'd love it if we
> could make the macro declare a new name (yeah, I know, mixing
> declarations and code).

I don't think I can do a declaration and an expression statement at the
same time with different scopes, but that would be kind of cool. We did
just move to c11 to gain the in-loop iterator declarations...

> Of course, we could also end up with people writing a wrapping macro
> that sets the variable to NULL before invoking the underlying macro...

I hope it won't come to that! :)

--
Kees Cook