Google makes Linux more secure
Google has taken a proactive step to bolster Linux security with the introduction of the counted_by attribute for flexible array members. This enhancement addresses a critical vulnerability in C programming related to buffer overflows, particularly those involving flexible array members whose sizes are determined at runtime.
Buffer overflows have long been a notorious source of security issues in software development. While sanitizers have mitigated some of these vulnerabilities by automatically inserting bounds checking, flexible array members have remained a challenging exception. The size of these arrays is typically opaque to the compiler, making it difficult to perform bounds checking outside the allocation function.