[Bug c++/19351] operator new[] can return heap blocks which are too small

felix-gcc at fefe dot de gcc-bugzilla@gcc.gnu.org
Tue Apr 1 21:25:00 GMT 2008



------- Comment #15 from felix-gcc at fefe dot de  2008-04-01 21:24 -------
I think we can all agree it does not matter what we call this problem.
Real world programs have security problems because of this.
-fstack-protector carries a much larger run-time cost and gcc still offers it,
and there is even less grounds to argue by any C or C++ standard that it's not
the programmer's fault.  gcc still offers it.

As mentioned in the other bug, Microsoft Visual C++ already does this check.
They do it like this.  After the multiplication they check if the overflow flag
is set, which on x86 indicates the result does not fit in the lower 32 bits.
If so, instead of the truncated value it passes (size_t)-1 to operator new,
which causes that operator new to fail (in the default case at least; a user
may define their own operator new and that one might still return something).

My favorite solution would be for the code to fail immediately.  Throw an
exception or return NULL, depending on which operator new the program called.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351
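As an added illustration of the overflow check described in the comment above (example code written for this page, not code from gcc or from Microsoft's compiler; the function names are my own), the following shows the wrapped byte count that an unchecked `new T[n]` computes and a checked variant that substitutes `(size_t)-1` on overflow so that the default operator new fails instead of returning a too-small block:

```cpp
#include <cstddef>
#include <cstdint>
#include <new>

// Unchecked byte count for `new T[n]`: the product wraps modulo 2^(bits of size_t).
// This is the truncated value the bug report is about: a huge count can produce
// a tiny (even zero) allocation size.
size_t unchecked_array_bytes(size_t count, size_t elem_size) {
    return count * elem_size;
}

// Checked variant modelled on the behaviour described in the comment:
// on overflow, return (size_t)-1 so that the default operator new cannot
// satisfy the request.  The division test is portable; on GCC/Clang
// __builtin_mul_overflow() would do the same using the CPU overflow flag.
size_t checked_array_bytes(size_t count, size_t elem_size) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return static_cast<size_t>(-1);
    return count * elem_size;
}

// The vulnerable path: allocate with the wrapped byte count.  For an
// overflowing product this hands back a valid but far too small block
// (operator new(0) still returns a non-null pointer).
void* unchecked_array_alloc(size_t count, size_t elem_size) {
    return ::operator new(unchecked_array_bytes(count, elem_size), std::nothrow);
}

// The hardened path, nothrow form: an overflowing request becomes
// operator new((size_t)-1, nothrow), which returns nullptr.
void* checked_array_alloc(size_t count, size_t elem_size) {
    return ::operator new(checked_array_bytes(count, elem_size), std::nothrow);
}

// The hardened path, throwing form: returns true if std::bad_alloc was thrown.
bool checked_array_alloc_throws(size_t count, size_t elem_size) {
    try {
        void* p = ::operator new(checked_array_bytes(count, elem_size));
        ::operator delete(p);
        return false;
    } catch (const std::bad_alloc&) {
        return true;
    }
}

int main() {
    // Constructed input: a count chosen so that count * 8 == 2^(bits of size_t),
    // which wraps to 0 on both 32- and 64-bit targets.
    const size_t huge = (SIZE_MAX / 8) + 1;
    void* bad = unchecked_array_alloc(huge, 8);   // non-null, zero-byte block
    void* good = checked_array_alloc(huge, 8);    // nullptr
    ::operator delete(bad, std::nothrow);
    return (bad != nullptr && good == nullptr) ? 0 : 1;
}
```

The point of the two allocation functions side by side is that the unchecked one succeeds, which is exactly the dangerous outcome: the program then writes `count` elements into a block of `unchecked_array_bytes(count, 8)` bytes.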