udf: Annotate struct udf_bitmap with __counted_by

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct udf_bitmap.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Jan Kara <jack@suse.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230915201404.never.574-kees@kernel.org>

diff --git a/fs/udf/udf_sb.h b/fs/udf/udf_sb.h
index 9af6ff7f9747242092fcc299e9c3deb3a9e7800b..f9a60bc1abcfc73edd5c3583de680fe17b2b5799 100644 (file)
--- a/fs/udf/udf_sb.h
+++ b/fs/udf/udf_sb.h
@@ -86,7 +86,7 @@ struct udf_virtual_data {
 struct udf_bitmap {
        __u32                   s_extPosition;
        int                     s_nr_groups;
-       struct buffer_head      *s_block_bitmap[];
+       struct buffer_head      *s_block_bitmap[] __counted_by(s_nr_groups);
 };
 
 struct udf_part_map {