https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065
--- Comment #4 from joseph at codesourcery dot com <joseph at codesourcery dot com> ---
On Mon, 26 Oct 2015, ch3root at openwall dot com wrote:

> The core issue is an overflow in size computations which is not limited to
> VLA.
> You can as easily get a crash with non-VLA-array+sizeof+malloc:
>
> #define N /* complex computation leading to.. */ (UINT_MAX / sizeof(int) + 2)
> int (*p)[N];

That sounds like a completely separate bug. Please file a separate bug in
Bugzilla for it. Any construction of a non-VLA type whose size is half or more
of the address space should receive a compile-time error, like you get if you
don't use a pointer here. VLA size overflow, however, is undefined behavior at
runtime, not compile time, hence a matter for ubsan.
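Added example, not code from the bug report or from GCC: the runtime check a program has to perform itself for the array+sizeof+malloc case above, rejecting both a multiplication that wraps and an object of half or more of the address space (the limit the comment says the compiler enforces for non-VLA types). checked_array_bytes, alloc_int_array and N_OVERFLOW are hypothetical names; N_OVERFLOW is built from SIZE_MAX rather than UINT_MAX so that it overflows on any target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: byte count for n elements of elem_size bytes.
 * Returns 0 (meaning "do not allocate") when n * elem_size would wrap
 * size_t, or when the object would be PTRDIFF_MAX bytes or larger, i.e.
 * half or more of the address space, where pointer differences overflow. */
size_t checked_array_bytes(size_t n, size_t elem_size)
{
    if (n == 0 || elem_size == 0)
        return 0;
    if (n > SIZE_MAX / elem_size)          /* multiplication would wrap */
        return 0;
    size_t bytes = n * elem_size;
    if (bytes >= (size_t)PTRDIFF_MAX)      /* half or more of address space */
        return 0;
    return bytes;
}

/* malloc(n * sizeof(int)) computed without the silent wrap-around that
 * turns a huge n into a small allocation. NULL means refused or failed. */
int *alloc_int_array(size_t n)
{
    size_t bytes = checked_array_bytes(n, sizeof(int));
    if (bytes == 0)
        return NULL;
    return malloc(bytes);
}

/* Constructed value of the same shape as the report's N: n * sizeof(int)
 * exceeds SIZE_MAX, so the naive product wraps to a few bytes. */
#define N_OVERFLOW (SIZE_MAX / sizeof(int) + 2)

int main(void)
{
    printf("16 ints need %zu bytes\n", checked_array_bytes(16, sizeof(int)));
    printf("N_OVERFLOW ints: %zu bytes (0 = refused)\n",
           checked_array_bytes(N_OVERFLOW, sizeof(int)));
    int *p = alloc_int_array(N_OVERFLOW);
    printf("allocation %s\n", p ? "unexpectedly succeeded" : "refused");
    free(p);
    return 0;
}
```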