This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PR19351, C++] Fix heap overflow in operator new[]
- From: Mark Mitchell <mark at codesourcery dot com>
- To: Florian Weimer <fw at deneb dot enyo dot de>
- Cc: gcc-patches at gcc dot gnu dot org, Jason Merrill <jason at redhat dot com>
- Date: Sat, 05 Feb 2011 14:20:36 -0800
- Subject: Re: [PR19351, C++] Fix heap overflow in operator new[]
- References: <873a1eydec.fsf@mid.deneb.enyo.de> <87d3noemb8.fsf@mid.deneb.enyo.de> <87sjw7igbw.fsf@mid.deneb.enyo.de>
On 2/1/2011 1:40 PM, Florian Weimer wrote:
>>> With this change, the size calculations are performed using
>>> saturating arithmetic. If the value cannot be represented exactly,
>>> ::operator new(size_t) is invoked with size_t(-1)
Purely as a point of semantic clarity, instead of talking about
size_t(-1) we should be talking about std::limits<size_t>::max(). It
was confusing to me to think about using a negative value in this context.
This doesn't seem like a good default to me. It will penalize code that
doesn't need the check and cause GCC to be perceived negatively in
space-constrained environments; we'll generate worse code that competing
compilers. In general, in C/C++, we don't check for overflow, leaving
that to the application; I don't see a reason that it's inherently more
important to have the compiler generate checking code for new than
elsewhere.
But, it does seem like a useful mode for some applications. So, it
makes sense to me to add an option for this.
Thank you,
--
Mark Mitchell
CodeSourcery
mark@codesourcery.com
(650) 331-3385 x713