[Bug sanitizer/68065] Size calculations for VLAs can overflow
ch3root at openwall dot com
gcc-bugzilla@gcc.gnu.org
Sat Nov 21 00:45:00 GMT 2015
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065
--- Comment #35 from Alexander Cherepanov <ch3root at openwall dot com> ---
On 2015-11-20 04:06, joseph at codesourcery dot com wrote:
>> What does the following mean then?
>>
>> C11, 4p5:
>> "A strictly conforming program[...] It [...] shall not exceed any
>> minimum implementation limit."
>
> It's well-known that, if you read the standard literally, strictly
> conforming programs may not exist;
I've heard about such a POV but I don't think I've seen compelling
reasoning backing it. The definition of a strictly conforming program
depends only on the requirements of the standard; it's not affected by
properties of existing implementations.
Take e.g. the "shall not exceed any minimum implementation limit" part. It
talks about _minimum_ implementation limits which presumably refer to
5.2.4.1. It doesn't say "shall not exceed any implementation limit of
any implementation". The fact that gcc limits objects to 2^31-1 bytes on
32-bit platforms is not relevant to a strictly conforming program; it
should not exceed a _minimum_ implementation limit of 65535 bytes.
Implementations don't define _minimum_ implementation limits.
The fact that the standard doesn't limit depth of recursion, as
described e.g. in part VI of N1637, doesn't mean there are no strictly
conforming programs; it means that there are no conforming implementations. And
it would be nice if existing implementations tried to be more conforming
and at least tried to detect such things.
> too much is unspecified or
> implementation-defined (including, in general, limits on supported
> programs; cf 1#2 "This International Standard does not specify ... the
> size or complexity of a program and its data that will exceed the capacity
> of any specific data-processing system or the capacity of a particular
> processor").
Yes, the standard doesn't describe if a particular processor is suitable
for building a conforming implementation. But it doesn't affect which
programs are strictly conforming.
> In general, you can only reason about C programs conditional on the
> program not exceeding any implementation limit.
Yeah, in practice, it's not very important whether strictly conforming
programs don't exist or conforming implementations :-) But it could
affect views on the responsibility of implementations to diagnose such bad
situations as stack exhaustion.
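The bug this thread belongs to is about VLA size calculations overflowing, and the comment above contrasts gcc's 2^31-1 byte object limit with the 65535-byte minimum translation limit of C11 5.2.4.1. The following is an added example, not code from the bug report or from gcc: it shows how a program can check an element count against both size_t wraparound and a chosen object-size bound before declaring a VLA, so the overflow is rejected in the program rather than left to the implementation to diagnose. The VLA_LIMIT value and the function names are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed bound for this example: the C11 5.2.4.1 minimum object size of
   65535 bytes, picked so that the check is observable on any platform. */
#define VLA_LIMIT 65535u

/* Returns true and stores n * elem in *out only when the product neither
   wraps size_t nor exceeds VLA_LIMIT. The division-based test avoids
   performing the multiplication that could overflow. */
bool vla_bytes_ok(size_t n, size_t elem, size_t *out) {
    if (elem == 0)
        return false;
    if (n > SIZE_MAX / elem)       /* n * elem would wrap around */
        return false;
    size_t bytes = n * elem;
    if (bytes > VLA_LIMIT)         /* within size_t but over our object bound */
        return false;
    *out = bytes;
    return true;
}

/* Copies the first n ints of src into a VLA scratch buffer and sums them.
   The VLA is only declared after the size check passes; a rejected size
   returns -1 and an empty input returns 0 without declaring a zero-length VLA. */
long sum_via_vla(const int *src, size_t n) {
    if (n == 0)
        return 0;
    size_t bytes;
    if (!vla_bytes_ok(n, sizeof(int), &bytes))
        return -1;
    int tmp[n];                    /* VLA of a size now known to be bounded */
    memcpy(tmp, src, bytes);
    long s = 0;
    for (size_t i = 0; i < n; i++)
        s += tmp[i];
    return s;
}

int main(void) {
    /* Constructed sample input for the stand-alone run. */
    int sample[4] = {1, 2, 3, 4};
    printf("sum of 4 ints: %ld\n", sum_via_vla(sample, 4));
    printf("SIZE_MAX ints: %ld (expected -1)\n", sum_via_vla(sample, SIZE_MAX));
    size_t b;
    printf("65535 x 2 bytes allowed? %d\n", vla_bytes_ok(65535u, 2, &b));
    return 0;
}
```

The two-stage check matters because a count that passes the wraparound test can still exceed the object-size bound, and vice versa on 32-bit targets where SIZE_MAX / elem is small; rejecting before the VLA declaration keeps the stack allocation itself out of the failure path.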