On 05/06/2013 02:39 PM, Jason Merrill wrote:
On 05/06/2013 05:46 AM, Florian Weimer wrote:
Nice, this is simpler than expected.  However, it makes the call sites
even more bloated.

Hmm, perhaps the checking should be wrapped in an inline function, so
that the inliner can decide whether or not to expand it at the call site...

Or we could call __cxa_vec_new[23] and rely on the check there (in most cases—for new T[a][b], we'd still need a separate overflow check).

This patch also adds the type to libsupc++, and several exports to
libstdc++.

There's also overflow checking inside __cxa_vec_new[23].  At this point,
we don't know if the caller was compiled in C++11 mode.  But for C++03
code, throwing a subclass of std::bad_alloc probably won't hurt.

And we never use __cxa_vec_new* anyway, they're only there because the
ABI requires them.

EDG-derived compilers will call it, so we should fix it as well.

I noticed you use throw() in the declaration of
std::bad_array_new_length and _GLIBCXX_USE_NOEXCEPT in the definition,
which seems rather odd.  I'm surprised that this even compiles.

15.4 [except.spec]/3:

Two exception-specifications are compatible if:
— both are non-throwing (see below), regardless of their form
...

Thanks, I suspected as much.

--
Florian Weimer / Red Hat Product Security Team
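
The check discussed in the thread above, wrapped in an inline function as suggested there. This is an added example, not code from the patch or from GCC: `checked_array_bytes`, `checked_array_bytes_2d` and `rejects` are hypothetical names, and the count / element size / cookie parameters are assumptions modelled on the arguments `__cxa_vec_new` receives.

```cpp
#include <cstddef>
#include <limits>
#include <new>

// Largest representable allocation size.
const std::size_t kMax = std::numeric_limits<std::size_t>::max();

// Hypothetical helper: bytes needed for `new T[n]`, where elt_size is
// sizeof(T) and cookie is the padding the runtime prepends for the element
// count. Throws instead of letting n * elt_size + cookie wrap around.
inline std::size_t checked_array_bytes(std::size_t n, std::size_t elt_size,
                                       std::size_t cookie)
{
    if (elt_size != 0 && n > (kMax - cookie) / elt_size)
        throw std::bad_array_new_length();
    return n * elt_size + cookie;
}

// `new T[a][b]`: the total element count a * b can wrap before the
// single-dimension check ever sees it, so it needs its own test first.
inline std::size_t checked_array_bytes_2d(std::size_t a, std::size_t b,
                                          std::size_t elt_size,
                                          std::size_t cookie)
{
    if (b != 0 && a > kMax / b)
        throw std::bad_array_new_length();
    return checked_array_bytes(a * b, elt_size, cookie);
}

// True if the request is refused. Catching std::bad_alloc is enough because
// std::bad_array_new_length derives from it, so C++03-style handlers still
// see the failure.
inline bool rejects(std::size_t a, std::size_t b, std::size_t elt_size,
                    std::size_t cookie)
{
    try {
        checked_array_bytes_2d(a, b, elt_size, cookie);
    } catch (const std::bad_alloc&) {
        return true;
    }
    return false;
}

int main()
{
    // A small request passes; a wrapping count is refused.
    return (!rejects(4, 1, 8, 8) && rejects(kMax / 2 + 1, 1, 2, 0)) ? 0 : 1;
}
```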
