https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99934
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed|2022-03-28 00:00:00 |2023-3-20
--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Another case from Bug 102514:
namespace std {
using size_t = decltype(sizeof(0));
}
extern "C" void abort();
extern "C" int puts(const char*);
int main()
{
int n = -1;
struct C {
void* operator new[](std::size_t n) noexcept(false) {
puts("C::operator new[] called");
abort();
}
};
C* ptr = new C[n];
}
C::operator new[] called
Aborted (core dumped)
I guess we don't throw bad_array_new_length here because sizeof(C) * size_t(-1)
fits in size_t. But it's still larger than the maximum possible object size,
and in any case, the expression n is less than zero so is erroneous so operator
new should never be called. The compiler should throw bad_array_new_length.
Similarly for this one with a non-throwing operator new[]:
namespace std {
using size_t = decltype(sizeof(0));
}
extern "C" void abort();
extern "C" int puts(const char*);
int main()
{
int n = -1;
struct C2 {
void* operator new[](std::size_t n) noexcept(true) {
puts("C2::operator new[] called");
abort();
}
};
C2* ptr = new C2[n];
}
The sizeof(C2) * size_t(-1) result fits in size_t, so G++ calls the operator
new[]. But the expression is still erroneous, and so the compiler should just
produce a null pointer without calling C2::operator new[].
