Bug 18063 - Gcc doesn't check overflowed size of structure
Summary: Gcc doesn't check overflowed size of structure
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: c
Version: 3.4.2
: P3 minor
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic
Depends on:
Blocks:
 
Reported: 2004-10-19 17:20 UTC by mikulas
Modified: 2016-05-18 00:06 UTC

See Also:
Host: i686-pc-linux-gnu
Target: i686-pc-linux-gnu
Build: i686-pc-linux-gnu
Known to work:
Known to fail: 3.4.2, 5.3.0, 6.1.0, 7.0
Last reconfirmed: 2016-05-17 00:00:00


Description mikulas 2004-10-19 17:20:41 UTC
The following code compiles and runs, but shouldn't, because the size of
structure a overflows size_t type. Overflowed size is checked for arrays, for
global and local variables, but not for structures.

#include <stdlib.h>

/* the member sizes add up to more than a 32-bit size_t can hold */
struct a {
        char x[0x7fffffff];
        char b[0x7fffffff];
        char c[3];
};

int main(void)
{
        /* sizeof(struct a) has already overflowed, so the allocation is too small */
        struct a *b = malloc(sizeof(struct a));
        return sizeof (struct a);
}
Comment 1 Andrew Pinski 2004-10-19 17:25:49 UTC
On the mainline we warn:
t68.c:9: warning: integer overflow in expression

So maybe this can be considered fixed.
Comment 2 mikulas 2004-10-19 17:32:19 UTC
Subject: Re:  Gcc doesn't check overflowed size of structure

If you rewrite it to

#include <stdlib.h>

/* struct a as defined in the bug description */
int main(void)
{
        size_t c = sizeof(struct a);
        struct a *b = malloc(c);
        return sizeof (struct a);
}

it doesn't give a warning with -W -Wall (except for unused b).

BTW, for an array that is too large it gives an error, so I think for a structure it
should too.

Mikulas
Comment 3 Andrew Pinski 2004-10-19 18:30:24 UTC
Note if you make a global variable of the struct we do error out.
Comment 4 Andrew Pinski 2004-10-20 14:13:37 UTC
Confirmed.
Comment 5 Andrew Pinski 2005-12-18 01:36:59 UTC
(In reply to comment #2)
> Subject: Re:  Gcc doesn't check overflowed size of structure
> 
> If you rewrite it to

That is because there is no constant overflow.  Just an overflow at runtime.
Comment 6 Manuel López-Ibáñez 2006-12-01 00:31:46 UTC
(In reply to comment #5)
> (In reply to comment #2)
> > Subject: Re:  Gcc doesn't check overflowed size of structure
> > 
> > If you rewrite it to
> 
> That is because there is no constant overflow.  Just an overflow at the
> runtime.
> 

So, is this bug invalid? If not, what is the expected output?
Comment 7 Martin Sebor 2016-05-17 16:58:39 UTC
Reconfirmed with today's trunk (7.0), 6.1.0, and all prior supported versions.  It seems that it shouldn't be too hard to diagnose either the definition of the struct or the sizeof expression.

$ cat uu.c && /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -Wall -Wextra -Wpedantic -m32 uu.c && ./a.out
struct a {
    char x[0x7fffffff];
    char b[0x7fffffff];
    char c[3];
};

int main()
{
  __builtin_printf ("%zu\n", sizeof (struct a));
  _Static_assert (sizeof (struct a) > sizeof ((struct a*)0)->x, "");
}
uu.c: In function ‘main’:
uu.c:10:37: warning: expression in static assertion is not an integer constant expression [-Wpedantic]
   _Static_assert (sizeof (struct a) > sizeof ((struct a*)0)->x, "");
                   ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
uu.c:10:3: error: static assertion failed: ""
   _Static_assert (sizeof (struct a) > sizeof ((struct a*)0)->x, "");
   ^~~~~~~~~~~~~~
Comment 8 jsm-csl@polyomino.org.uk 2016-05-18 00:06:01 UTC
I think we should diagnose the definition of the struct (generally, any construction of a too-large fixed-size type in any context).
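The arithmetic behind the report, as an added example that is not part of the bug thread or of GCC: it sums the member sizes of struct a from the description the way a layout pass would, but refuses to wrap, and contrasts that with the modulo-2^32 value an unchecked 32-bit size_t produces (the value malloc receives in the -m32 run above). Alignment padding is ignored, which is exact for this all-char struct; the size_max parameter and the function names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the bug report: model the member-size sum a
 * compiler performs when laying out a struct, but detect overflow instead of
 * silently wrapping.  size_max is the SIZE_MAX of the target being modelled
 * (UINT32_MAX for the -m32 case in the report, UINT64_MAX for LP64). */

/* Returns the total size if every partial sum fits in size_max, or 0 if a
 * member would push the sum past it (0 is never the size of a struct that
 * has members, so it is an unambiguous error value). */
static uint64_t checked_size(const uint64_t *sizes, size_t count, uint64_t size_max)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < count; i++) {
        if (sizes[i] > size_max - acc)   /* acc + sizes[i] would exceed size_max */
            return 0;
        acc += sizes[i];
    }
    return acc;
}

/* What an unchecked size_t computation yields on a 32-bit target: the true
 * sum reduced modulo 2^32.  This is the value sizeof(struct a) has in the
 * report, and therefore the number of bytes malloc actually receives. */
static uint32_t wrapped_size32(const uint64_t *sizes, size_t count)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < count; i++)
        acc += (uint32_t)sizes[i];       /* unsigned wrap-around is well defined */
    return acc;
}

/* Member sizes of struct a from the bug description (constructed input). */
static const uint64_t struct_a_members[] = { 0x7fffffffu, 0x7fffffffu, 3u };
#define STRUCT_A_COUNT (sizeof struct_a_members / sizeof struct_a_members[0])

int main(void)
{
    uint64_t lp64 = checked_size(struct_a_members, STRUCT_A_COUNT, UINT64_MAX);
    uint64_t ilp32 = checked_size(struct_a_members, STRUCT_A_COUNT, UINT32_MAX);
    printf("LP64 size: %llu\n", (unsigned long long)lp64);      /* 4294967297 */
    printf("ILP32: %s; unchecked sizeof wraps to %u\n",
           ilp32 ? "fits" : "overflows size_t",
           (unsigned)wrapped_size32(struct_a_members, STRUCT_A_COUNT)); /* 1 */
    return 0;
}
```

The same partial-sum check is what a runtime allocation helper should apply before calling malloc on a size built from several parts.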