[Bug sanitizer/68065] Size calculations for VLAs can overflow

ch3root at openwall dot com gcc-bugzilla@gcc.gnu.org
Sat Nov 21 00:45:00 GMT 2015


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065

--- Comment #35 from Alexander Cherepanov <ch3root at openwall dot com> ---
On 2015-11-20 04:06, joseph at codesourcery dot com wrote:
>> What does the following mean then?
>>
>> C11, 4p5:
>> "A strictly conforming program[...] It [...] shall not exceed any
>> minimum implementation limit."
>
> It's well-known that, if you read the standard literally, strictly
> conforming programs may not exist;

I've heard about such a POV but I don't think I've seen compelling 
reasoning backing it. The definition of a strictly conforming program 
depends only on the requirements of the standard; it's not affected by 
properties of existing implementations.

Take e.g. the "shall not exceed any minimum implementation limit" part. It 
talks about _minimum_ implementation limits, which presumably refer to 
5.2.4.1. It doesn't say "shall not exceed any implementation limit of 
any implementation". The fact that gcc limits objects to 2^31-1 bytes on 
32-bit platforms is not relevant to a strictly conforming program; it 
should not exceed a _minimum_ implementation limit of 65535 bytes. 
Implementations don't define _minimum_ implementation limits.

The fact that the standard doesn't limit the depth of recursion, as 
described e.g. in part VI of N1637, doesn't mean there are no strictly 
conforming programs; it means that there are no conforming implementations. 
And it would be nice if existing implementations tried to be more conforming 
and at least tried to detect such things.

> too much is unspecified or
> implementation-defined (including, in general, limits on supported
> programs;  cf 1#2 "This International Standard does not specify ... the
> size or complexity of a program and its data that will exceed the capacity
> of any specific data-processing system or the capacity of a particular
> processor").

Yes, the standard doesn't describe whether a particular processor is suitable 
for building a conforming implementation. But that doesn't affect which 
programs are strictly conforming.

> In general, you can only reason about C programs conditional on the
> program not exceeding any implementation limit.

Yeah, in practice, it's not very important whether it's strictly conforming 
programs that don't exist or conforming implementations :-) But it could 
affect views on the responsibility of implementations to diagnose such bad 
situations as stack exhaustion.
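The bug this comment belongs to is about VLA byte counts that overflow. As an added illustration (example code written for this page, not GCC's code and not part of the bugzilla comment), the block below contrasts the unchecked `n * sizeof(T)` computation, which wraps silently in `size_t`, with a guard that rejects both the wrap and any total above a chosen object-size cap. The names `vla_size_ok`, `sum_vla`, `unchecked_vla_bytes` and `OBJECT_BYTES_LIMIT` are hypothetical; the 65535-byte figure is the C11 5.2.4.1 minimum that the comment cites, used here only as a conservative default cap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap on the size of one object. C11 5.2.4.1 obliges a
 * conforming implementation to accept at least 65535 bytes in an object;
 * the discussion above notes that GCC caps objects at 2^31-1 bytes on
 * 32-bit targets. Substitute the limit your target really supports. */
#define OBJECT_BYTES_LIMIT ((size_t)65535)

/* The unchecked pattern: n * elem is evaluated in size_t and wraps when
 * n > SIZE_MAX / elem, so the VLA ends up far smaller than requested.
 * Kept only for contrast with vla_size_ok() below. */
size_t unchecked_vla_bytes(size_t n, size_t elem)
{
    return n * elem;              /* wraps silently on overflow */
}

/* True only if n elements of size elem fit in size_t without wrapping
 * and the total stays within limit. Guarding with a division keeps the
 * check itself free of overflow. */
bool vla_size_ok(size_t n, size_t elem, size_t limit)
{
    if (elem == 0 || n == 0)
        return false;             /* a VLA size must be > 0 (C11 6.7.6.2p5) */
    if (n > SIZE_MAX / elem)
        return false;             /* n * elem would wrap */
    return n * elem <= limit;
}

/* Declares the VLA only after the size check passes, fills it, and
 * returns a checksum so a caller can see the work happened.
 * Returns -1 when the requested size is rejected. */
long sum_vla(size_t n, size_t limit)
{
    if (!vla_size_ok(n, sizeof(int), limit))
        return -1;
    int buf[n];                   /* n * sizeof(int) <= limit is now known */
    long sum = 0;
    for (size_t i = 0; i < n; i++) {
        buf[i] = (int)(i % 7);
        sum += buf[i];
    }
    return sum;
}

int main(void)
{
    /* Constructed input: the smallest n for which n * sizeof(int) wraps. */
    size_t huge = SIZE_MAX / sizeof(int) + 1;

    printf("unchecked byte count for huge n: %zu\n",
           unchecked_vla_bytes(huge, sizeof(int)));
    printf("vla_size_ok(huge):  %d\n",
           vla_size_ok(huge, sizeof(int), OBJECT_BYTES_LIMIT));
    printf("sum_vla(10):        %ld\n", sum_vla(10, OBJECT_BYTES_LIMIT));
    printf("sum_vla(16383):     %ld\n", sum_vla(16383, OBJECT_BYTES_LIMIT));
    printf("sum_vla(20000):     %ld\n", sum_vla(20000, OBJECT_BYTES_LIMIT));
    return 0;
}
```

With the default cap, 16383 ints (65532 bytes) are accepted and 20000 ints (80000 bytes) are refused, while the wrapping request reports a byte count of 0 through the unchecked path and is rejected by the checked one. Tightening `OBJECT_BYTES_LIMIT` to what the stack can actually hold is what turns this from an overflow guard into a stack-exhaustion guard.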

