September 15 - 16, 2022 | Dublin, Ireland + Virtual

Please note all session times are listed in Irish Standard Time (IST), UTC +1.

Thursday, September 15 • 10:25 - 11:10
Flexible Array Transformations and Array-bounds Checking - Gustavo A. R. Silva, The Linux Foundation

Having a dynamically-sized trailing array at the end of a structure is a useful code construct in the Linux kernel. However, the lack of proper bounds-checking on such objects is concerning and worth an effort to remediate. This presentation is about the different strategies we, in the Kernel Self-Protection Project, have been following over the last couple of years to transform trailing zero-length and one-element arrays into modern C99 flexible-array members, and the problems we have run into in the process. We will touch on how this work is closely related and helpful to the most recent efforts to harden key APIs like memcpy() and to globally enable options like -Warray-bounds. We will explain how we've been addressing the particularly challenging transformations of one-element arrays into flexible-array members in UAPI. Also, we'll see how the fact that compilers like GCC have historically treated all trailing arrays, no matter what their size, as flexible-sized arrays is problematic and causes trouble when it comes to performing proper array-bounds checking on such objects, and how the introduction of a new option like -fstrict-flex-arrays could help.
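
An added illustration, not taken from the talk or from the kernel tree: the three trailing-array forms the abstract names, with a user-space sizing helper and a bounds-checked store for the flexible-array form. All struct and function names are hypothetical, and the overflow checks assume the GCC/Clang __builtin_*_overflow builtins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed example types; all names here are hypothetical. */
struct msg_one  { uint32_t count; uint32_t items[1]; }; /* legacy one-element tail */
struct msg_zero { uint32_t count; uint32_t items[0]; }; /* legacy zero-length (GNU ext.) */
struct msg_flex { uint32_t count; uint32_t items[];  }; /* C99 flexible-array member */

/* Classic sizing idiom for the one-element form (n >= 1): sizeof already holds one item. */
size_t msg_one_size(size_t n)
{
    return sizeof(struct msg_one) + (n - 1) * sizeof(uint32_t);
}

/* Bytes needed for a msg_flex with n items, or 0 if the arithmetic overflows. */
size_t msg_flex_size(size_t n)
{
    size_t tail, total;

    if (__builtin_mul_overflow(n, sizeof(uint32_t), &tail) ||
        __builtin_add_overflow(sizeof(struct msg_flex), tail, &total))
        return 0;
    return total;
}

/* Allocate a zeroed message; count records how many items the tail holds. */
struct msg_flex *msg_flex_alloc(size_t n)
{
    size_t size = msg_flex_size(n);
    struct msg_flex *m;

    if (size == 0 || n > UINT32_MAX)
        return NULL;
    m = calloc(1, size);
    if (m)
        m->count = (uint32_t)n;
    return m;
}

/* Bounds-checked store: 0 on success, -1 when idx is outside items[0..count). */
int msg_flex_set(struct msg_flex *m, size_t idx, uint32_t value)
{
    if (!m || idx >= m->count)
        return -1;
    m->items[idx] = value;
    return 0;
}
```

With these types, sizeof(struct msg_one) is one element larger than sizeof(struct msg_flex), so any size arithmetic written against the one-element form has to be adjusted when the member becomes a flexible array.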

Gustavo A. R. Silva

Upstream Linux Kernel Engineer, The Linux Foundation
Gustavo works full-time as an upstream Linux kernel Engineer, focused on security. Over the last years, he’s been hunting and fixing all sorts of bugs and issues all over the kernel tree. He is an active contributor to the Kernel Self-Protection Project and his work is supported...

Thursday September 15, 2022 10:25 - 11:10 IST
Liffey A (Level 1)
  Refereed Presentations
  • Speaker Details In Person
  • Presentation Slides Attached Yes