Bug 68107 - Non-VLA type whose size is half or more of the address space constructed via a pointer
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: c
Version: 5.2.0
Importance: P3 normal
Target Milestone: 6.0
Assignee: Marek Polacek
URL:
Keywords: accepts-invalid, wrong-code
Depends on:
Blocks:
 
Reported: 2015-10-26 23:51 UTC by Alexander Cherepanov
Modified: 2023-10-27 17:57 UTC

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2015-10-27 00:00:00


Description Alexander Cherepanov 2015-10-26 23:51:35 UTC
Due to an overflow in size calculation the following (seemingly reasonable) program compiles fine, allocates an array that is too small, and crashes in a loop:

#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

#define N (SIZE_MAX / sizeof(int) + 2)

int main(void)
{
  int (*p)[N];
  printf("%zu\n", sizeof *p);
  p = malloc(sizeof *p);
  if (!p)
    return 1;
  for (size_t i = 0; i < N; i++)
    (*p)[i] = 1;

  return 0;
}

According to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065#c4 : "Any construction of a non-VLA type whose size is half or more of the address space should receive a compile-time error, like you get if you don't use a pointer here."
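As an added illustration of the rule quoted above (this is example code, neither the reporter's program nor GCC's own valid_array_size_p): a run-time guard that rejects an element count whose byte size would wrap around size_t or reach half of the address space, so the allocation is refused instead of silently undersized. The function names and the calloc wrapper are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Example helper (not GCC code): true only if nelems * elem_size fits in
   size_t and stays below half of the address space, i.e. at most
   SIZE_MAX / 2 bytes, the limit the bug report quotes. */
bool valid_array_size(size_t nelems, size_t elem_size)
{
    if (elem_size == 0)
        return false;
    /* The multiplication itself would wrap around size_t. */
    if (nelems > SIZE_MAX / elem_size)
        return false;
    size_t bytes = nelems * elem_size;
    /* Objects of half the address space or more are rejected, the same
       class of sizes the compile-time check in the fix refuses. */
    return bytes <= SIZE_MAX / 2;
}

/* Example wrapper (assumed name): refuse the request rather than let the
   size wrap the way sizeof *p did in the reporter's program. */
void *checked_calloc(size_t nelems, size_t elem_size)
{
    if (!valid_array_size(nelems, elem_size))
        return NULL;
    return calloc(nelems, elem_size);
}

int main(void)
{
    /* The element count from the report: SIZE_MAX / sizeof(int) + 2. */
    size_t n = SIZE_MAX / sizeof(int) + 2;
    int *p = checked_calloc(n, sizeof(int));
    if (!p) {
        printf("refused %zu elements of %zu bytes each\n", n, sizeof(int));
        return 1;
    }
    free(p);
    return 0;
}
```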
Comment 1 jsm-csl@polyomino.org.uk 2015-10-27 00:11:49 UTC
grokdeclarator seems to check the declared size of an array (when 
processing an array declarator) - that is, the size counted in array 
elements - and then has a separate check for the size in bytes only when 
the final type of the full declarator is an array type.  I think the check 
on the size in bytes needs moving up to check every non-VLA complete array 
type constructed in the course of processing the declarator.
Comment 2 Marek Polacek 2015-11-09 16:18:59 UTC
The same seems to apply for the C++ FE as well.
Comment 3 Marek Polacek 2015-11-11 14:47:35 UTC
Author: mpolacek
Date: Wed Nov 11 14:47:03 2015
New Revision: 230174

URL: https://gcc.gnu.org/viewcvs?rev=230174&root=gcc&view=rev
Log:
	PR c/68107
	PR c++/68266
	* c-common.c (valid_array_size_p): New function.
	* c-common.h (valid_array_size_p): Declare.

	* c-decl.c (grokdeclarator): Call valid_array_size_p.  Remove code
	checking the size of an array.

	* decl.c (grokdeclarator): Call valid_array_size_p.  Remove code
	checking the size of an array.

	* c-c++-common/pr68107.c: New test.
	* g++.dg/init/new38.C (large_array_char): Adjust dg-error.
	(large_array_char_template): Likewise.
	* g++.dg/init/new44.C: Adjust dg-error.

Added:
    trunk/gcc/testsuite/c-c++-common/pr68107.c
Modified:
    trunk/gcc/c-family/ChangeLog
    trunk/gcc/c-family/c-common.c
    trunk/gcc/c-family/c-common.h
    trunk/gcc/c/ChangeLog
    trunk/gcc/c/c-decl.c
    trunk/gcc/cp/ChangeLog
    trunk/gcc/cp/decl.c
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/testsuite/g++.dg/init/new38.C
    trunk/gcc/testsuite/g++.dg/init/new44.C
Comment 4 Marek Polacek 2015-11-11 14:48:06 UTC
Should be fixed.