https://gcc.gnu.org/bugzilla/show_bug.cgi?id=125887
Bug ID: 125887
Summary: VLAs inside statement expressions leak stack space
Product: gcc
Version: 16.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: superroman652 at gmail dot com
Target Milestone: ---
This bug occurs when the size is not known statically or when optimizations are
disabled. It works as intended when _ret is not inside a statement expression.
Discovered on archlinux x64, but also reproducible on gcc 15.2.0 on alpine
aarch64.
Not a duplicate of https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113579 "GCC
leaks memory inside when using statement expressions" because that one is about
return inside stmt exprs rather than VLAs.
Code:
#include <stdio.h>

char *g_a;
char *g_b;

void poc_blex(int size) {
    /* The VLA lives only inside the statement expression; its stack space
     * should be released when the expression ends. */
    char *a = ({
        char _ret[size];
        _ret;
    });
    /* If _ret was released, b should reuse the same stack slot. */
    char b[size];
    g_a = a;
    g_b = b;
}

int main(void) {
    poc_blex(12); // Maybe a runtime value.
    /* Pointers are printed with %p; %llx is not a valid conversion for them. */
    printf("%p %p %d\n", (void *)g_a, (void *)g_b, g_a == g_b);
    return 0;
}