[Bug c++/70019] New: VLA size overflow not detected

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Tue Mar 1 01:40:00 GMT 2016


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70019

            Bug ID: 70019
           Summary: VLA size overflow not detected
           Product: gcc
           Version: 4.9.4
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

While working on a patch for bug 69517 (restoring the GCC 4.9 support for VLA
runtime bounds checking) I find that the support is incomplete in that GCC
doesn't emit a check for an overflow in the computation of the size of the
array.  In the test case below, since the size of the VLA would exceed SIZE_MAX
(and thus even the most permissive implementation-defined limit) it is
erroneous and therefore, according to N3639, requires a std::bad_array_length
exception to be thrown
(http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2013/n3639.html).

The purpose of this bug is to make a record of the incomplete support for N3639
so that it can be completed in the patch for bug 69517.

$ cat z.cpp && /home/msebor/build/gcc-4.9.3/gcc/xg++ -B/home/msebor/build/gcc-4.9.3/gcc -L /home/msebor/build/gcc-4.9.3/x86_64-unknown-linux-gnu/libstdc++-v3/src/.libs -Wall -Wextra -Wpedantic -std=c++1y -xc++ z.cpp && ./a.out
typedef __SIZE_TYPE__ size_t;

int main ()
{
  size_t n = __SIZE_MAX__ / 2 + 1;

  try {
    int a [n];
    __builtin_abort ();
  }
  catch (...) { }
}
z.cpp: In function ‘int main()’:
z.cpp:8:9: warning: unused variable ‘a’ [-Wunused-variable]
     int a [n];
         ^
Aborted (core dumped)
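The overflow check the report says g++ omits, as an added example that is neither GCC's code nor the reporter's test case: it computes the byte size of an int[n] VLA, detects that n * sizeof(int) is not representable in size_t, and refuses the array by throwing instead of silently using the wrapped value. It assumes std::length_error as a stand-in for the N3639 std::bad_array_length, and the comments assume a 64-bit size_t.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>

// Overflow-checked VLA byte-size computation (added example, not GCC code).
// Stores n * elem in *bytes and returns true if the product is representable
// in size_t; otherwise returns false, leaving the silently wrapped product
// in *bytes so the caller can see what an unchecked computation would use.
bool vla_byte_size(std::size_t n, std::size_t elem, std::size_t* bytes)
{
    *bytes = n * elem;                        // unsigned multiply: wraps, no trap
    if (elem != 0 && n > SIZE_MAX / elem)     // portable overflow test
        return false;
    return true;
}

// What a conforming N3639 implementation must do before adjusting the stack:
// reject an array whose size is not representable.  std::length_error stands
// in for std::bad_array_length here (assumption for this example).
std::size_t checked_vla_size_or_throw(std::size_t n, std::size_t elem)
{
    std::size_t bytes;
    if (!vla_byte_size(n, elem, &bytes))
        throw std::length_error("VLA size overflows size_t");
    return bytes;
}

// Reproduces the reporter's bound: SIZE_MAX / 2 + 1 ints.  With a 64-bit
// size_t that is 2^63 elements, and 2^63 * 4 wraps to exactly 0, which is
// why an unchecked allocation "succeeds" and the abort() is reached.
bool overflow_caught_for_report_case()
{
    const std::size_t n = SIZE_MAX / 2 + 1;
    try {
        (void)checked_vla_size_or_throw(n, sizeof(int));
        return false;                         // no exception: the bug's behaviour
    } catch (const std::length_error&) {
        return true;                          // the check the report asks for
    }
}
```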
