On Thu, 12 Sep 2013, Joseph S. Myers wrote:

> (Actually, I believe sizes (in bytes) greater than target PTRDIFF_MAX, not
> just SIZE_MAX, should be caught, because pointer subtraction cannot work
> reliably with larger objects. So it's not just when the size or
> multiplication overflow size_t, but when they overflow ptrdiff_t.)
And, to add a bit more to the list of possible ubsan features (is this todo list maintained anywhere?), even if the size is such that operations on the array are in principle defined, it's possible that adjusting the stack pointer by too much may take it into other areas of memory and so cause stack overflow that doesn't get detected by the kernel. So maybe ubsan should imply -fstack-check or similar.

Everything about VLA checking - checks on the size being positive and on it not being larger than PTRDIFF_MAX, and on avoiding stack overflow - applies equally to alloca: calls to alloca should also be instrumented. (But I think alloca (0) is valid.)

-- 
Joseph S. Myers
jos...@codesourcery.com
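The three checks this message asks ubsan to apply to a VLA or alloca size (positive count, byte size not above PTRDIFF_MAX rather than SIZE_MAX, and a bound on stack growth) as an added C example; it is not part of the original thread or of GCC's ubsan, and the function names, the enum and the caller-supplied stack budget are assumptions made here:

```c
#include <stddef.h>
#include <stdint.h>

/* Result of validating a requested VLA / alloca size (constructed for this example). */
enum vla_check {
    VLA_OK = 0,
    VLA_NONPOSITIVE,   /* count <= 0: a zero or negative VLA bound is undefined */
    VLA_TOO_LARGE,     /* count * elem_size overflows, or exceeds PTRDIFF_MAX */
    VLA_STACK_BUDGET   /* size is representable but would grow the stack too far */
};

/* Validate a VLA bound: the element count must be positive and the byte size
 * must not exceed PTRDIFF_MAX (not merely SIZE_MAX), so that pointer
 * subtraction inside the object stays defined.  The multiplication is
 * replaced by a division so the overflow test itself cannot overflow. */
enum vla_check check_vla_size(intmax_t count, size_t elem_size)
{
    if (count <= 0)
        return VLA_NONPOSITIVE;
    if (elem_size == 0)          /* only possible with a zero-size extension type */
        return VLA_OK;
    if ((uintmax_t)count > (uintmax_t)PTRDIFF_MAX / elem_size)
        return VLA_TOO_LARGE;
    return VLA_OK;
}

/* Same checks for alloca-style allocation, plus the stack-growth concern raised
 * in the message: the byte size must also fit within a remaining stack budget
 * the caller supplies (a stand-in for what -fstack-check probes).  alloca(0)
 * is accepted, as the message notes it is valid. */
enum vla_check check_stack_alloc(intmax_t count, size_t elem_size, size_t stack_budget)
{
    if (count == 0)
        return VLA_OK;
    enum vla_check rc = check_vla_size(count, elem_size);
    if (rc != VLA_OK)
        return rc;
    if ((uintmax_t)count * elem_size > stack_budget)   /* no overflow: product <= PTRDIFF_MAX */
        return VLA_STACK_BUDGET;
    return VLA_OK;
}
```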