[cxx-abi-dev] Run-time array checking
Howard Hinnant
howard.hinnant at gmail.com
Thu Sep 13 04:23:50 UTC 2012
On Sep 12, 2012, at 8:07 PM, John McCall <rjmccall at apple.com> wrote:
> Anyway, I've asked Howard Hinnant, Apple's C++ library maintainer, to
> catch up on the discussion and weigh in.
I'm just now catching up. Sorry to be absent.
I think we need to take 3 steps back.
My impression is that bad_array_new_length is meant to catch the case where the compiler or the run-time is required to compute an allocation size by multiplying number of elements by element size and possibly add padding. If that computation overflows, throw bad_array_new_length. Otherwise send it on to operator new and let it throw bad_alloc if necessary.
I really don't think we want to get any more complicated than that. I don't think the benefit/cost ratio would be high if we tried to encode the number of elements times element size plus padding into bad_array_new_length. If you catch a bad_array_new_length, then you just know you've done something outrageous. The precise numbers aren't important. You've used uninitialized or compromised memory for the size or number of elements. It doesn't really matter how much you're over. What matters is that you have a logic bug. And it is our job to stop the program. If someone wants to catch bad_array_new_length and try to save the program, best of luck.
Howard
More information about the cxx-abi-dev
mailing list