https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065

--- Comment #5 from Alexander Cherepanov <ch3root at openwall dot com> ---
On 2015-10-27 02:27, joseph at codesourcery dot com wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065
>
> --- Comment #4 from joseph at codesourcery dot com <joseph at codesourcery 
> dot com> ---
> On Mon, 26 Oct 2015, ch3root at openwall dot com wrote:
>
>> The core issue is an overflow in size computations which is not limited to 
>> VLA.
>> You can as easily get a crash with non-VLA-array+sizeof+malloc:
>>
>> #define N /* complex computation leading to.. */ (UINT_MAX / sizeof(int) + 2)
>>    int (*p)[N];
>
> That sounds like a completely separate bug.  Please file a separate bug in
> Bugzilla for it.  Any construction of a non-VLA type whose size is half or
> more of the address space should receive a compile-time error, like you
> get if you don't use a pointer here.

Ok, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68107 .

> VLA size overflow, however, is undefined behavior at runtime, not compile
> time, hence a matter for ubsan.

VLA size overflow is very similar to overflow in "new". Shouldn't it be 
handled in a similar way?

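Added example (not code from the bug report or from GCC): the size arithmetic the thread discusses, with the report's N showing how the byte count wraps in 32-bit unsigned arithmetic, beside an overflow-checked multiply and malloc wrapper that refuses such a count. The checked version generalizes the UINT_MAX pattern to SIZE_MAX; it assumes a 32-bit int, and the function names are mine.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Element count from the report: UINT_MAX / sizeof(int) + 2 (1073741825 with 32-bit int). */
#define N (UINT_MAX / sizeof(int) + 2)

/* Byte count computed the way the report's size computation does, in 32-bit
 * unsigned arithmetic: the product silently wraps instead of failing. */
uint32_t wrapped_bytes_u32(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;   /* modular: N * 4 == 4, not 4294967300 */
}

/* Overflow-checked product for size_t; false means the byte size is not
 * representable and no allocation must be attempted. */
bool checked_mul_size(size_t count, size_t elem_size, size_t *bytes)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    *bytes = count * elem_size;
    return true;
}

/* Convenience predicate: does count elements of elem_size bytes overflow size_t? */
bool array_size_overflows(size_t count, size_t elem_size)
{
    size_t bytes;
    return !checked_mul_size(count, elem_size, &bytes);
}

/* malloc wrapper that refuses an element count whose byte size overflows. */
void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (!checked_mul_size(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* The report's N: a 4-byte buffer for an array the code believes holds N ints. */
    printf("32-bit wrapped size for N ints: %u bytes\n",
           (unsigned)wrapped_bytes_u32((uint32_t)N, (uint32_t)sizeof(int)));
    /* Same pattern scaled to size_t is rejected before malloc is ever called. */
    printf("checked alloc of SIZE_MAX/sizeof(int)+2 ints: %s\n",
           alloc_array(SIZE_MAX / sizeof(int) + 2, sizeof(int)) ? "ok" : "refused");
    return 0;
}
```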