https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065
--- Comment #6 from joseph at codesourcery dot com <joseph at codesourcery dot com> ---
On Tue, 27 Oct 2015, ch3root at openwall dot com wrote:

> > VLA size overflow, however, is undefined behavior at runtime, not compile
> > time, hence a matter for ubsan.
>
> VLA size overflow is very similar to overflow in "new". Shouldn't it be
> handled in a similar way?

I'm thinking of it as essentially like stack overflow, where it's
traditionally been the user's job to bound their stack allocations. I think
ubsan should enable all of (VLA size overflow checks, stack checking for
fixed-size allocations to ensure the amount of stack space allocated in one
go is small enough that overflow is guaranteed to be detected, similar checks
for variable size allocations whether from VLAs or alloca). Of course
separate options for various cases may make sense as well.
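
The manual bounding that the comment above calls the user's job, written out as an added example that is not part of the original comment or of GCC. The names `classify_alloc` and `sum_scratch` and the 4096-byte `STACK_BUDGET` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed per-call stack budget; illustrative value, not from the bug report. */
#define STACK_BUDGET 4096u

enum buf_kind { BUF_REJECTED = 0, BUF_STACK = 1, BUF_HEAP = 2 };

/* Decide where an array of n elements of elem_size bytes may live.
 * Rejects the request when n * elem_size does not fit in size_t,
 * which is the VLA size overflow case discussed in the comment. */
enum buf_kind classify_alloc(size_t n, size_t elem_size, size_t *bytes)
{
    if (n == 0 || elem_size == 0)
        return BUF_REJECTED;        /* a VLA size must be greater than zero */
    if (n > SIZE_MAX / elem_size)
        return BUF_REJECTED;        /* n * elem_size would wrap around */
    *bytes = n * elem_size;
    return *bytes <= STACK_BUDGET ? BUF_STACK : BUF_HEAP;
}

/* Fill a scratch array with n copies of v and sum it.
 * Returns -1 when the size is rejected or the heap allocation fails. */
long sum_scratch(size_t n, int v)
{
    size_t bytes = 0;
    long total = 0;
    enum buf_kind kind = classify_alloc(n, sizeof(int), &bytes);

    if (kind == BUF_REJECTED)
        return -1;
    if (kind == BUF_STACK) {
        int scratch[n];             /* VLA, size already checked and bounded */
        for (size_t i = 0; i < n; i++) scratch[i] = v;
        for (size_t i = 0; i < n; i++) total += scratch[i];
        return total;
    }
    int *scratch = malloc(bytes);   /* too large for the stack budget */
    if (scratch == NULL)
        return -1;
    for (size_t i = 0; i < n; i++) scratch[i] = v;
    for (size_t i = 0; i < n; i++) total += scratch[i];
    free(scratch);
    return total;
}
```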