On 05/13/2013 03:06 PM, Gabriel Dos Reis wrote:
>> This whole feature seems rather poorly designed to me. The code size
>> increase due to official VLA support in C++1y might come a bit as a
>> surprise. But rereading N3639, there's no way around it, at least for
>> expressions of signed types.
> I think there is a general mood of unsympathetic views towards liberal
> "undefined behavior." Of course, implementations are always free to
> offer switches to programmers who don't want checks.
And usually I'm in that crowd as well. But in this case, we add a check
which only covers a tiny fraction of the problem. It's like bounds
checking for arrays which only fails if the index is at least twice as
large as the array length, IMHO.
--
Florian Weimer / Red Hat Product Security Team
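Florian's point (that the check N3639 mandates for a signed bound rejects only negative values, while a large positive bound passes it and overflows the stack just the same) is easiest to see next to a check that also bounds the magnitude. The following is an added example written for this page; it is not code from the thread, from GCC's N3639 implementation, or from the proposal. The 64 KiB per-frame budget, the function names, and the use of std::length_error in place of the proposal's std::bad_array_length are assumptions made for illustration.

```cpp
// Added example (not from the gcc-patches thread, GCC, or N3639). Contrasts the
// sign-only check N3639 mandates for signed array bounds with a check that also
// bounds the magnitude. kStackBudget, the function names, and the use of
// std::length_error (the proposal's std::bad_array_length did not survive into
// C++14 and is absent from current libstdc++) are assumptions for illustration.
#include <cstddef>
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <string>

enum class Verdict { Rejected, Accepted };

// What N3639 requires for a bound of signed type: reject if negative, nothing
// else. A bound of 2^40 passes this check and then blows the stack.
Verdict n3639_check(std::int64_t n) {
    return n < 0 ? Verdict::Rejected : Verdict::Accepted;
}

// Assumed per-frame budget: what a programmer who actually wants protection
// would bound the total byte size against.
constexpr std::size_t kStackBudget = 64 * 1024;

// Rejects negative bounds, bounds whose byte size would wrap in 64-bit
// arithmetic, and bounds whose byte size exceeds the budget.
Verdict bounded_check(std::int64_t n, std::size_t elem_size,
                      std::size_t budget = kStackBudget) {
    if (n < 0) return Verdict::Rejected;
    const auto count = static_cast<std::uint64_t>(n);
    // Overflow-safe: test count * elem_size without computing it first.
    if (elem_size != 0 &&
        count > std::numeric_limits<std::uint64_t>::max() / elem_size)
        return Verdict::Rejected;
    if (count * elem_size > budget) return Verdict::Rejected;
    return Verdict::Accepted;
}

// Declares a runtime-sized array (GCC/Clang extension in C++) only after the
// bounded check passes, fills it with 0..n-1 and returns the element sum so the
// caller can see the array was really used. Returns 0 for n == 0 without
// declaring a zero-length array.
std::int64_t fill_buffer(std::int64_t n) {
    if (bounded_check(n, sizeof(int)) == Verdict::Rejected)
        throw std::length_error("array bound " + std::to_string(n) + " rejected");
    if (n == 0) return 0;
    int buf[n];  // GCC/Clang runtime-sized array
    std::int64_t sum = 0;
    for (std::int64_t i = 0; i < n; ++i) {
        buf[i] = static_cast<int>(i);
        sum += buf[i];
    }
    return sum;
}
```

The overflow guard matters as much as the budget: once a bound is multiplied by the element size to get bytes, a positive bound near INT64_MAX wraps to a small number and would sail past a naive `bytes > budget` comparison.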