On Wed, Oct 18, 2023 at 09:11:43PM +0000, Qing Zhao wrote:
> As I replied to Martin in another email, I plan to do the following to
> resolve this issue:
>
> 1. No specification for signed or unsigned for counted_by field.
> 2. Add a sanitizer option -fsanitize=counted-by-bound to catch the cases when
> the size of the counted-by is not positive.
I don't understand why this needs to be a runtime sanitizer. The signedness is known at compile time, so I would expect a -W option. Or do you mean you'd split up -fsanitize=bounds between unsigned and signed indexes? I'd find that kind of awkward for the kernel... but I feel like I've misunderstood something. :)

-Kees

--
Kees Cook
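The case the thread is arguing about is a signed counted_by field whose value is not positive. The following is an added C example, not code from the thread, from GCC, or from the kernel: the struct `buf`, the functions `buf_new`, `buf_index_ok`, `buf_get` and `buf_index_naive`, and the `COUNTED_BY` macro are all constructed here. It shows the explicit check that a counted-by bounds sanitizer would enforce (a count of zero or less means no element is valid) next to the naive comparison that casts the count to `size_t` first and therefore lets a negative count pass every index. The `__has_attribute` guard applies the real `counted_by` attribute only where the compiler supports it, so the code builds either way.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>

/* Apply the counted_by attribute where the compiler offers it; the
   __has_attribute guard keeps this file compiling on compilers without it. */
#if defined(__has_attribute)
#  if __has_attribute(counted_by)
#    define COUNTED_BY(f) __attribute__((counted_by(f)))
#  endif
#endif
#ifndef COUNTED_BY
#  define COUNTED_BY(f)
#endif

/* Constructed struct for this example. The count is deliberately signed,
   since the thread's point is that the attribute itself says nothing
   about signedness. */
struct buf {
    int count;                              /* number of valid bytes in data[] */
    unsigned char data[] COUNTED_BY(count); /* flexible array member */
};

/* Allocate a buf holding n bytes. n may be <= 0 to model a corrupted or
   uninitialised count; in that case no payload is allocated. */
struct buf *buf_new(int n) {
    size_t elems = n > 0 ? (size_t)n : 0;
    struct buf *b = malloc(sizeof(*b) + elems);
    if (!b)
        return NULL;
    b->count = n;
    memset(b->data, 0, elems);
    return b;
}

/* The check a counted-by bounds sanitizer would perform: a non-positive
   count means there is no valid element at all, so every index is rejected
   before the count is ever compared as an unsigned quantity. */
bool buf_index_ok(const struct buf *b, size_t i) {
    if (b->count <= 0)
        return false;
    return i < (size_t)b->count;
}

/* Safe read: returns the byte value, or -1 when i is out of bounds. */
int buf_get(const struct buf *b, size_t i) {
    if (!buf_index_ok(b, i))
        return -1;
    return b->data[i];
}

/* Contrast: the naive comparison that converts count to size_t first.
   A count of -1 becomes SIZE_MAX, so every index appears in bounds. */
bool buf_index_naive(const struct buf *b, size_t i) {
    return i < (size_t)b->count;
}
```

With a valid count both checks agree; once the count goes negative, `buf_index_ok` rejects every index while `buf_index_naive` accepts all of them, which is the gap a runtime counted-by check (or a compile-time signedness warning) is meant to close.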