Improving GCC Buffer Overflow Detection for C Flexible Array Members (Oracle)
The Oracle blog has a lengthy article on enhancements to GCC to help detect overflows of flexible array members (FAMs) in C programs.
We describe here two new GNU extensions which specify size information for FAMs. These are a new attribute, "counted_by" and a new builtin function, "__builtin_counted_by_ref". Both extensions can be used in GNU C applications to specify size information for FAMs, improving the buffer overflow detection for FAMs in general.
This work has been covered on LWN as well.
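To illustrate the two extensions quoted above, here is an added example (not code from the Oracle article or from GCC) that attaches a count to a FAM and uses it for a bounds check. The names `struct packet`, `packet_alloc`, `packet_store` and `COUNTED_BY` are hypothetical, and the feature-test guards are an assumption so that the code still compiles where the extensions are missing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#ifndef __has_attribute
#define __has_attribute(x) 0
#endif
#ifndef __has_builtin
#define __has_builtin(x) 0
#endif
#if __has_attribute(counted_by)
#define COUNTED_BY(m) __attribute__((counted_by(m)))
#else
#define COUNTED_BY(m) /* compiler lacks the attribute: no size info attached */
#endif

struct packet {                     /* hypothetical type */
    size_t len;                     /* element count of data[] */
    int data[] COUNTED_BY(len);
};

struct packet *packet_alloc(size_t n)
{
    if (n > (SIZE_MAX - sizeof(struct packet)) / sizeof(int))
        return NULL;                /* size computation would wrap */
    struct packet *p = malloc(sizeof(*p) + n * sizeof(p->data[0]));
    if (!p)
        return NULL;
#if __has_attribute(counted_by) && __has_builtin(__builtin_counted_by_ref)
    *__builtin_counted_by_ref(p->data) = n;  /* set counter via the builtin */
#else
    p->len = n;
#endif
    return p;
}

/* Returns 0 on success, -1 if idx is outside data[]. */
int packet_store(struct packet *p, size_t idx, int v)
{
    size_t bytes = p->len * sizeof(p->data[0]);
#if __has_builtin(__builtin_dynamic_object_size)
    size_t known = __builtin_dynamic_object_size(p->data, 1);
    if (known != (size_t)-1)        /* (size_t)-1 means "size unknown" */
        bytes = known;
#endif
    if (idx >= bytes / sizeof(p->data[0]))
        return -1;
    p->data[idx] = v;
    return 0;
}
```

With the attribute in place, the compiler can derive the size of `data[]` from `len` on its own, which is what lets `__builtin_dynamic_object_size` and `-fsanitize=bounds` cover a FAM without a hand-written check.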