https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116016
--- Comment #47 from Kees Cook <kees at outflux dot net> --- Yes, the counter must be manually set until Linux minimum compiler versions are raised to include counted_by support, but this is about making the transition to using counted_by easier and less prone to bugs. If the allocator is setting the counter (via the new builtin), then it will always be correct for compilers that support counted_by. There will be a later open-coded assignment as well, but that will be optimized away in most cases. Basically, the situation is that when counted_by is added to a struct, all allocations must be identified and corrected manually right now to avoid the sanitizer tripping at runtime. When the allocator can do the setting, this "bad code pattern" goes away. i.e. using counted_by currently introduces a new bad code pattern that is only present for compilers that support counted_by. So if we can solve it in the allocator, the problem goes away. e.g. this code pattern is valid today: p = alloc(count); for (i = 0; i < count; i++) fill(&p->array[i]); p->counter = count; Adding counted_by(counter) to "array" means that suddenly the sanitizer will trip at "fill". While obvious cases where we need to move "p->counter = count" to immediate after the alloc can be found and changed at the time counted_by is added, Linux has a lot of complicated corner cases where allocation and array usage are distant or obfuscated. So, with the builtin being used within the allocator to set counter, now the old code pattern still works (as counter has been initialized early enough), and the duplicate store to p->counter doesn't matter (and may even get optimized away).
