https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90266
Bug ID: 90266
Summary: missing or broken check for vector::size() exceeding max_size()
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: richard-gccbugzilla at metafoo dot co.uk
Target Milestone: ---

Testcase:

    #include <cstddef>   // size_t
    #include <vector>

    using T = int;

    // Largest element count the vector claims it can hold.
    size_t e() { std::vector<T> vb; return vb.max_size(); }

    // Construct a vector already at max_size(), then push one more element.
    size_t f() { std::vector<T> vb(e()); vb.push_back({}); return vb.size(); }

    // Same, but push two elements past max_size().
    size_t g() { std::vector<T> vb(e()); vb.push_back({}); vb.push_back({}); return vb.size(); }

Compiled using -m32, I find:

* e() returns 0x3fffffff (good)
* f() invokes operator new(-4) and returns 0 (wrong; should throw length_error)
* g() invokes operator new(-4) twice (?!) and returns 1

It looks like the check for size() exceeding max_size() is missing.

[For a compiler that deletes unused new/delete pairs, f() otherwise could incorrectly compile to just "return 0;" with no exception thrown. Presumably the same would happen under -m64 with an allocator that has a 32-bit max_size().]
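The arithmetic behind the report, as an added illustration that is not part of the bug report and not libstdc++ code: a growth helper with and without the size()-vs-max_size() guard a push_back path needs, computed in 32-bit unsigned arithmetic so the -m32 numbers above can be reproduced on any host. The names grow_unchecked, grow_checked, bytes_for and push_at_max_throws are constructed for this note; kMaxSizeInt32 is the 0x3fffffff the report observes for T = int.

```cpp
#include <algorithm>
#include <cstdint>
#include <stdexcept>

// SizeT stands in for size_t; std::uint32_t reproduces the -m32 arithmetic
// from the report regardless of the host's pointer width (constructed example).
using SizeT = std::uint32_t;

// max_size() for std::vector<int> on a 32-bit target, as observed in the report.
constexpr SizeT kMaxSizeInt32 = 0x3fffffffu;

// Growth policy WITHOUT the guard: doubles the size and happily returns a
// length larger than max_size, so the byte count requested from the
// allocator later wraps around in 32-bit arithmetic.
SizeT grow_unchecked(SizeT size, SizeT n) {
    return size + std::max(size, n);
}

// Growth policy WITH the guard: refuse, with length_error, before doing any
// arithmetic when fewer than n elements remain below max_size, and clamp the
// result so it can neither wrap (len < size) nor exceed max_size.
SizeT grow_checked(SizeT size, SizeT n, SizeT max_size) {
    if (max_size - size < n)
        throw std::length_error("vector: size() would exceed max_size()");
    SizeT len = size + std::max(size, n);
    return (len < size || len > max_size) ? max_size : len;
}

// Byte count an allocator would be asked for, in the same 32-bit arithmetic.
// 0x3fffffff ints occupy 0xfffffffc bytes, i.e. (SizeT)-4, which is the
// operator new(-4) the report sees; one more doubling wraps past zero.
SizeT bytes_for(SizeT count, SizeT elem_size) {
    return count * elem_size;
}

// True when pushing one element onto a vector already at max_size is rejected.
bool push_at_max_throws(SizeT max_size) {
    try {
        grow_checked(max_size, 1, max_size);
    } catch (const std::length_error&) {
        return true;
    }
    return false;
}
```

With the guard in place the f() and g() cases of the testcase cannot reach the allocator at all: the first push_back past max_size() throws length_error, which is the behaviour the report expects. The same helper shows the -m64 remark in the report, since only the width of SizeT (the allocator's max_size type) matters, not the pointer size of the build.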