https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70588

            Bug ID: 70588
           Summary: [5/6 regression] SIGBUS on a VLA larger than SIZE_MAX / 2
           Product: gcc
           Version: 6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

Similarly to bug 69517, r218655 (partially) removed from G++ support for
"Runtime-sized arrays with automatic storage duration" specified in WG21 N3639
(http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2013/n3639.html), leaving
only support for ordinary C VLAs.  The support, introduced in r198745 and
available in GCC 4.9, included limited detection of common VLA errors such as
overflow in the VLA bounds.  When compiled with GCC 4.9 in c++1y mode the
program below is instrumented by GCC to detect the overflow and throw an
exception.  However, when compiled with GCC 5 or 6, the same program either
crashes at runtime due to the stack overflow or simply runs to completion.

This is not a new or surprising discovery but because the problem is distinct
from bug 69517 I raise a separate bug for it for the record.

$ cat v.c && /home/msebor/build/gcc-4.9.3/gcc/xg++
-B/home/msebor/build/gcc-4.9.3/gcc -L
/home/msebor/build/gcc-4.9.3/x86_64-unknown-linux-gnu/libstdc++-v3/src/.libs
-O2 -Wall -Wextra -Wpedantic -std=c++1y -xc++ v.c && ./a.out 
void g (void*) { }

void f (__SIZE_TYPE__ n)
{
    char a[n];

    g (a);
}

int main ()
{
    volatile __SIZE_TYPE__ n = __SIZE_MAX__ / 2 + 1;
    try {
        f (n);
        __builtin_printf ("VLA bounds overflow failed to throw\n");
    }
    catch (...) {
        __builtin_printf ("VLA bounds overflow detected\n");
    }
}
VLA bounds overflow detected


$ ~/bin/gcc-5.1.0/bin/g++ -O2 -Wall -Wextra -Wpedantic -std=c++14 -xc++ v.c &&
./a.out 
v.c: In function ‘void f(long unsigned int)’:
v.c:5:13: warning: ISO C++ forbids variable length array ‘a’ [-Wvla]
     char a[n];
             ^
VLA bounds overflow failed to throw


$ ~/bin/gcc-5.1.0/bin/g++ -Wall -Wextra -Wpedantic -std=c++14 -xc++ v.c &&
./a.out 
v.c: In function ‘void f(long unsigned int)’:
v.c:5:13: warning: ISO C++ forbids variable length array ‘a’ [-Wvla]
     char a[n];
             ^
Bus error (core dumped)
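
As an added illustration, not code from the report or from GCC itself, the following is a source-level version of the kind of bound check that the GCC 4.9 c++1y runtime-sized array support performed before creating `char a[n]`: the request is rejected before any stack space is touched, instead of overflowing the stack or silently running on. The limit (PTRDIFF_MAX, which is SIZE_MAX / 2 on the reporter's target) and the exception type (std::length_error) are assumptions, since the page does not say which GCC used.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Hypothetical check (not GCC's instrumentation): validate a VLA bound of
// n elements of elem_size bytes before the array is created.  Throws
// std::length_error if n * elem_size overflows size_t or exceeds
// PTRDIFF_MAX, the largest object size assumed here.
std::size_t checked_vla_bytes(std::size_t n, std::size_t elem_size)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        throw std::length_error("VLA bound overflows size_t");
    std::size_t bytes = n * elem_size;
    if (bytes > static_cast<std::size_t>(PTRDIFF_MAX))
        throw std::length_error("VLA bound exceeds maximum object size");
    return bytes;
}

// True if a VLA of n elements of elem_size bytes would pass the check.
bool vla_bound_ok(std::size_t n, std::size_t elem_size = 1) noexcept
{
    try { checked_vla_bytes(n, elem_size); return true; }
    catch (const std::length_error&) { return false; }
}

void g(void*) { }

// The report's f(), with the bound validated before the VLA is declared.
void f_checked(std::size_t n)
{
    checked_vla_bytes(n, sizeof(char));
    char a[n];          // GNU VLA extension, as in the report's v.c
    g(a);
}

int main()
{
    volatile std::size_t n = SIZE_MAX / 2 + 1;   // the report's value
    try {
        f_checked(n);
        std::printf("VLA bounds overflow failed to throw\n");
    }
    catch (const std::length_error&) {
        std::printf("VLA bounds overflow detected\n");
    }
}
```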
