https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70019

Bug ID: 70019
Summary: VLA size overflow not detected
Product: gcc
Version: 4.9.4
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

While working on a patch for bug 69517 (restoring the GCC 4.9 support for VLA runtime bounds checking) I find that the support is incomplete in that GCC doesn't emit a check for an overflow in the computation of the size of the array.

In the test case below, since the size of the VLA would exceed SIZE_MAX (and thus even the most permissive implementation-defined limit) it is erroneous and therefore, according to N3639, requires a std::bad_array_length exception to be thrown (http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2013/n3639.html).

The purpose of this bug is to make a record of the incomplete support for N3639 so that it can be completed in the patch for bug 69517.

$ cat z.cpp && /home/msebor/build/gcc-4.9.3/gcc/xg++ -B/home/msebor/build/gcc-4.9.3/gcc -L /home/msebor/build/gcc-4.9.3/x86_64-unknown-linux-gnu/libstdc++-v3/src/.libs -Wall -Wextra -Wpedantic -std=c++1y -xc++ z.cpp && ./a.out
typedef __SIZE_TYPE__ size_t;

int main ()
{
  size_t n = __SIZE_MAX__ / 2 + 1;

  try {
    int a [n];
    __builtin_abort ();
  }
  catch (...) {
  }
}
z.cpp: In function ‘int main()’:
z.cpp:8:9: warning: unused variable ‘a’ [-Wunused-variable]
     int a [n];
         ^
Aborted (core dumped)
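
The size check the report says is missing, sketched as an added example that is not part of the original report and is not GCC's implementation. The names vla_bytes_unchecked and check_vla_bound, the BoundStatus/BoundResult types and the 64 KiB limit are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// What an unchecked size computation yields: size_t arithmetic wraps
// modulo SIZE_MAX + 1, so an oversized bound can produce a tiny byte count.
std::size_t vla_bytes_unchecked(std::size_t count, std::size_t elem_size) {
    return count * elem_size;
}

enum class BoundStatus { ok, overflow, over_limit };

struct BoundResult {
    BoundStatus status;
    std::size_t bytes;  // valid only when status == ok
};

// Hypothetical check (names and the limit parameter are assumptions):
// reject a bound whose byte size is not representable in size_t, then
// reject one that exceeds the caller's allocation limit.
BoundResult check_vla_bound(std::size_t count, std::size_t elem_size,
                            std::size_t limit) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return {BoundStatus::overflow, 0};
    const std::size_t total = count * elem_size;  // cannot wrap here
    if (total > limit)
        return {BoundStatus::over_limit, 0};
    return {BoundStatus::ok, total};
}

int main() {
    const std::size_t n = SIZE_MAX / 2 + 1;  // bound from the report's test case
    const std::size_t limit = 64 * 1024;     // assumed limit, for illustration
    std::printf("unchecked bytes: %zu\n", vla_bytes_unchecked(n, sizeof(int)));
    const BoundResult r = check_vla_bound(n, sizeof(int), limit);
    std::printf("checked: %s\n",
                r.status == BoundStatus::overflow ? "overflow" :
                r.status == BoundStatus::over_limit ? "over limit" : "ok");
    return r.status == BoundStatus::overflow ? 0 : 1;
}
```

With the report's bound, the unchecked product wraps to 0 bytes, which is why a limit test applied only to the multiplied size cannot catch this case.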