[Bug c++/69517] SEGV on a VLA with excess initializer elements

2022-03-17 Thread msebor at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69517

Martin Sebor  changed:

           What    |Removed                    |Added
----------------------------------------------------------------
         Status    |ASSIGNED                   |NEW
       Assignee    |msebor at gcc dot gnu.org  |unassigned at gcc dot gnu.org

--- Comment #19 from Martin Sebor  ---
I'm no longer working on this.

[Bug c++/69517] SEGV on a VLA with excess initializer elements

2017-03-30 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69517

--- Comment #18 from Jakub Jelinek  ---
(In reply to Martin Sebor from comment #17)
> (In reply to Jakub Jelinek from comment #16)
> 
> The bug here is in G++ accepting a VLA initializer with more elements than
> there is room for in the VLA, and then trashing the stack at runtime with
> the extra elements.  It is a regression with respect to GCC 4.9.3 which
> implements C++ VLAs as specified in n3639
> (http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2013/n3639.html).  This
> is documented in GCC 4.9 changes (https://gcc.gnu.org/gcc-4.9/changes.html)
> which highlights the feature using the following example:
> 
>   void f(int n) {
>     int a[n] = { 1, 2, 3 }; // throws std::bad_array_length if n < 3
>     ...
> 
> VLAs were subsequently removed from C++, and also partially (but not
> completely) removed from G++, which causes C++ programs developed and tested
> with G++ 4.9 to break when ported to a later version.
> 
> C++ VLAs will be safer to use with the patch referenced in comment #9.  The
> patch had to be reverted from GCC 6.0 because it caused problems in Java.
> Java has been removed and I plan/hope to resubmit the patch for GCC 8.  (I
> wanted to do it for GCC 7 but didn't get to it.)

I don't see why it would be a bug.  There is no standard covering VLAs in C++,
it is all extensions, it is defined however we want.  UB when storing something
larger into something smaller is perfectly fine, users can put their own checks
if they want to avoid it.  You want to slow all the code down by doing the
checks mandatory.

[Bug c++/69517] SEGV on a VLA with excess initializer elements

2017-03-29 Thread msebor at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69517

--- Comment #17 from Martin Sebor  ---
(In reply to Jakub Jelinek from comment #16)

The bug here is in G++ accepting a VLA initializer with more elements than
there is room for in the VLA, and then trashing the stack at runtime with the
extra elements.  It is a regression with respect to GCC 4.9.3 which implements
C++ VLAs as specified in n3639
(http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2013/n3639.html).  This is
documented in GCC 4.9 changes (https://gcc.gnu.org/gcc-4.9/changes.html) which
highlights the feature using the following example:

  void f(int n) {
    int a[n] = { 1, 2, 3 }; // throws std::bad_array_length if n < 3
    ...

VLAs were subsequently removed from C++, and also partially (but not
completely) removed from G++, which causes C++ programs developed and tested
with G++ 4.9 to break when ported to a later version.

C++ VLAs will be safer to use with the patch referenced in comment #9.  The
patch had to be reverted from GCC 6.0 because it caused problems in Java.  Java
has been removed and I plan/hope to resubmit the patch for GCC 8.  (I wanted to
do it for GCC 7 but didn't get to it.)
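The two comments above disagree on who should check the initializer length: comment #17 wants the compiler to reject (or throw on) `int a[n] = { 1, 2, 3 }` when n < 3, comment #18 says users can add their own check. The following is an added example, not code from the bug report or from GCC, showing what that user-side check looks like. It assumes the GNU VLA extension in C++ (which current g++ still accepts) and substitutes std::length_error for the n3639 std::bad_array_length that later compilers no longer throw; the helper names are made up for illustration.

```cpp
#include <cstddef>
#include <initializer_list>
#include <stdexcept>

// The unchecked form this bug report is about. With n < 3 the three
// initializer elements are written past the end of the VLA on the stack:
//
//   void f(int n) { int a[n] = { 1, 2, 3 }; }
//
// checked_vla_sum() is the user-side guard from comment #18, written as an
// ordinary function: it refuses to build the VLA unless the initializer
// fits, then fills it element by element so nothing is written past a[n-1].
// The remaining elements are zero-filled, which is what aggregate
// initialization of a fixed-size array would do. It returns the sum of the
// array so the result can be checked without the array escaping its scope.
long checked_vla_sum(int n, std::initializer_list<int> init) {
    if (n < 0 || static_cast<std::size_t>(n) < init.size())
        // Stand-in for the std::bad_array_length of GCC 4.9 / n3639.
        throw std::length_error("VLA initializer has more elements than the array");

    int a[n];  // GNU VLA extension in C++ (assumption: compiler accepts it)

    std::size_t i = 0;
    for (int v : init)
        a[i++] = v;                              // never exceeds n, checked above
    for (; i < static_cast<std::size_t>(n); ++i)
        a[i] = 0;                                // value-initialize the rest

    long sum = 0;
    for (int j = 0; j < n; ++j)
        sum += a[j];
    return sum;
}

// True when the guard rejects the (n, initializer) combination, i.e. the case
// that g++ silently compiles into a stack overwrite in the unchecked form.
bool rejects_excess(int n, std::initializer_list<int> init) {
    try {
        checked_vla_sum(n, init);
        return false;
    } catch (const std::length_error&) {
        return true;
    }
}

int main() {
    // Constructed inputs: a fitting initializer and an oversized one.
    long ok = checked_vla_sum(5, {1, 2, 3});     // 6, last two elements are 0
    bool bad = rejects_excess(2, {1, 2, 3});     // true, would have overflowed
    return (ok == 6 && bad) ? 0 : 1;
}
```

Note that the check costs one comparison per VLA definition, which is the "slow all the code down" cost comment #18 objects to making mandatory; placing it in the program rather than the compiler lets callers who know n is large enough skip it.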

[Bug c++/69517] SEGV on a VLA with excess initializer elements

2017-01-10 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69517

Jakub Jelinek  changed:

           What    |Removed                    |Added
----------------------------------------------------------------
   Target Milestone|7.0                        |---
            Summary|[7 regression] SEGV on a   |SEGV on a VLA with excess
                   |VLA with excess initializer|initializer elements
                   |elements                   |

--- Comment #16 from Jakub Jelinek  ---
I don't think this is a regression (it is not a regression compared to GCC
versions that didn't implement the C++ feature that got removed from the C++
standard), nor a bug, there is no ICE, the program invokes undefined behavior,
so anything including SIGSEGV happens.