https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119693

--- Comment #7 from Harald van Dijk <harald at gigawatt dot nl> ---

(In reply to Jakub Jelinek from comment #5)
> but you shouldn't call standard string/memory functions on it,
> you are then on your own to deal with it.

Does the standard say so anywhere? Yes, it says pointer subtraction is undefined, but I am not aware of any point where it says calling standard library functions is undefined. Implementers need to define them in such a way that they produce the correct results in all cases, only resulting in undefined behaviour where the standard says behaviour is undefined.

strlen is defined to return "the number of characters that precede the terminating null character", not "the pointer difference between the starting character and the terminating null character". They are only equivalent in cases where that pointer difference is well-defined, so an implementation based on pointer difference is making unwarranted assumptions unless the compiler provides additional guarantees beyond what the standard mandates.

I think implementations have two valid ways of dealing with this: either malloc must fail to allocate such a large object, or standard library functions must handle such a large object. This could be solved in a 100% unambiguously valid way on the glibc side by changing malloc to reject such sizes, but on an implementation where malloc supports such sizes, I think all of the standard library needs to be prepared to handle that.

(In reply to Jann Horn from comment #6)
> Anyway, I think the most important aspect here is the off-by-one.

This makes sense; the two issues are related but different.
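The two options the comment names, sketched as an added example (not code from the bug report, glibc or GCC): an allocator wrapper that refuses objects larger than PTRDIFF_MAX, and a strlen written as a size_t count rather than a pointer difference, next to the pointer-difference formulation it contrasts with. The function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Option 1: refuse any object so large that subtracting two pointers
 * into it could overflow ptrdiff_t. With this wrapper in place, the
 * pointer-difference formulation of strlen is always well defined. */
void *bounded_malloc(size_t n)
{
    if (n > (size_t)PTRDIFF_MAX)
        return NULL;        /* reject, as the comment proposes for malloc */
    return malloc(n);
}

/* Option 2: count "the characters that precede the terminating null"
 * in a size_t, which is the standard's own wording, so the result is
 * well defined for any object the implementation can allocate. */
size_t strlen_counting(const char *s)
{
    size_t n = 0;
    while (s[n] != '\0')
        n++;
    return n;
}

/* The pointer-difference formulation the comment objects to: only
 * correct while the distance from s to the null fits in ptrdiff_t. */
size_t strlen_ptrdiff(const char *s)
{
    const char *p = s;
    while (*p != '\0')
        p++;
    return (size_t)(p - s);
}

/* Helper for checks: 1 when an object of n bytes is small enough that
 * pointer subtraction inside it is guaranteed well defined. */
int ptrdiff_safe_size(size_t n)
{
    return n <= (size_t)PTRDIFF_MAX;
}
```

For objects that pass ptrdiff_safe_size the two strlen variants agree; the counting version is the one that remains correct if an allocator ever hands out something larger.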
--- Comment #7 from Harald van Dijk <harald at gigawatt dot nl> --- (In reply to Jakub Jelinek from comment #5) > but you shouldn't call standard string/memory functions on it, > you are then on your own to deal with it. Does the standard say so anywhere? Yes, it says pointer subtraction is undefined, but I am not aware of any point where it says calling standard library functions is undefined. Implementers need to define them in such a way that they produce the correct results in all cases, only resulting in undefined behaviour where the standard says behaviour is undefined. strlen is defined to return "the number of characters that precede the terminating null character", not "the pointer difference between the starting character and the terminating null character". They are only equivalent in cases where that pointer difference is well-defined, so an implementation based on pointer difference is making unwarranted assumptions unless the compiler provides additional guarantees beyond what the standard mandates. I think implementations have two valid ways of dealing with this: either malloc must fail to allocate such a large object, or standard library functions must handle such a large object. This could be solved in a 100% unambiguously valid way on the glibc side by changing malloc to reject such sizes, but on an implementation where malloc supports such sizes, I think all of the standard library needs to be prepared to handle that. (In reply to Jann Horn from comment #6) > Anyway, I think the most important aspect here is the off-by-one. This makes sense, the two issues are related but different.