https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065

--- Comment #4 from joseph at codesourcery dot com <joseph at codesourcery dot com> ---
On Mon, 26 Oct 2015, ch3root at openwall dot com wrote:

> The core issue is an overflow in size computations which is not limited to 
> VLA.
> You can as easily get a crash with non-VLA-array+sizeof+malloc:
> 
> #define N /* complex computation leading to.. */ (UINT_MAX / sizeof(int) + 2)
>   int (*p)[N];

That sounds like a completely separate bug.  Please file a separate bug in 
Bugzilla for it.  Any construction of a non-VLA type whose size is half or 
more of the address space should receive a compile-time error, like you 
get if you don't use a pointer here.

VLA size overflow, however, is undefined behavior at runtime, not compile 
time, hence a matter for ubsan.
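
The runtime-side check a defender wants for the malloc variant, as an added example that is not code from the bug report or from GCC: the element count and element size are multiplied with overflow detection and the result is also bounded at half the address space (PTRDIFF_MAX), the same limit the comment describes for non-VLA types. It assumes GCC/Clang for `__builtin_mul_overflow`, and the demo uses SIZE_MAX in place of the report's UINT_MAX so the wrap is observable on a 64-bit target as well; the function names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Largest object size accepted: half the address space. Anything bigger
 * would make pointer differences within the object overflow ptrdiff_t. */
#define MAX_OBJECT_BYTES ((size_t)PTRDIFF_MAX)

/* Return 1 if n * elem_size is representable as size_t AND does not exceed
 * MAX_OBJECT_BYTES, else 0. __builtin_mul_overflow (GCC >= 5, Clang) reports
 * the wrap instead of silently producing a tiny size. */
static int array_size_ok(size_t n, size_t elem_size)
{
    size_t bytes;
    if (__builtin_mul_overflow(n, elem_size, &bytes))
        return 0;                       /* product wrapped around */
    return bytes <= MAX_OBJECT_BYTES;   /* too large for one object */
}

/* malloc room for n elements of elem_size, or NULL when the size computation
 * would have wrapped or exceeded the object-size limit. */
static void *checked_array_malloc(size_t n, size_t elem_size)
{
    if (!array_size_ok(n, elem_size))
        return NULL;
    return malloc(n * elem_size);       /* safe: already validated */
}

int main(void)
{
    /* Constructed counterpart of the report's (UINT_MAX / sizeof(int) + 2):
     * the product wraps to a few bytes on an unchecked path. */
    size_t wrapping = SIZE_MAX / sizeof(int) + 2;
    /* Constructed count whose product does not wrap but is over half the
     * address space, mirroring the compile-time limit for non-VLA types. */
    size_t oversized = SIZE_MAX / 2 / sizeof(int) + 1;

    printf("wrapping count accepted:  %d\n", array_size_ok(wrapping, sizeof(int)));
    printf("oversized count accepted: %d\n", array_size_ok(oversized, sizeof(int)));
    int *ok = checked_array_malloc(1000, sizeof(int));
    printf("1000 ints allocated:      %d\n", ok != NULL);
    free(ok);
    return 0;
}
```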
