On Thu, 12 Sep 2013, Marek Polacek wrote: > This patch adds the instrumentation of VLA bounds. Basically, it just > checks that the size of a VLA is positive. I.e., We also issue an error > if the size of the VLA is 0. It catches e.g.
This is not an objection to this patch, but there are a few other bits of VLA bound instrumentation that could be done as well. If the size has a wide-enough type to be bigger than the target's SIZE_MAX, and is indeed bigger than SIZE_MAX, that could be detected at runtime as well. Or if the multiplication of array size and element size exceeds SIZE_MAX (this covers both elements of constant size, and elements that are themselves VLAs, but the former can be handled more efficiently by comparing against an appropriate constant rather than needing a runtime test for whether a multiplication in size_t overflows). (Actually, I believe sizes (in bytes) greater than target PTRDIFF_MAX, not just SIZE_MAX, should be caught, because pointer subtraction cannot work reliably with larger objects. So it's not just when the size or multiplication overflow size_t, but when they overflow ptrdiff_t.) -- Joseph S. Myers jos...@codesourcery.com
