
Calling array new with a negative size should be checked in C++14 mode #34921

Open
TNorthover opened this issue Dec 8, 2017 · 5 comments
Labels: bugzilla (Issues migrated from bugzilla), c++14, clang:frontend (Language frontend issues, e.g. anything involving "Sema")

Comments

@TNorthover

TNorthover commented Dec 8, 2017

Bugzilla Link 35573
Version trunk
OS All
CC @hubert-reinterpretcast, @zygoloid

Extended Description

When emitting code for a new array expression we check whether the array size is negative in C++98 and C++11 mode, but not from C++14 onwards. E.g.

char *foo(int a) {
  return new char[a];
}
$ clang++ tmp.cpp -std=c++11 -S -o- -emit-llvm -Os
define noalias nonnull i8* @_Z3fooi(i32 %a) local_unnamed_addr #0 {
entry:
  %0 = sext i32 %a to i64
  %1 = icmp sgt i64 %0, -1
  %2 = select i1 %1, i64 %0, i64 -1
  %call = tail call i8* @_Znam(i64 %2) #2
  ret i8* %call
}

$ clang++ tmp.cpp -std=c++14 -S -o- -emit-llvm -Os
define noalias nonnull i8* @_Z3fooi(i32 %a) local_unnamed_addr #0 {
entry:
  %conv = sext i32 %a to i64
  %call = tail call i8* @_Znam(i64 %conv) #2
  ret i8* %call
}
@TNorthover

TNorthover commented Dec 8, 2017

This is related to #12016 : we should actually be throwing std::bad_array_new_length from C++11 onwards, but we certainly shouldn't be dropping the bounds check entirely.

@hubert-reinterpretcast

hubert-reinterpretcast commented Feb 5, 2019

Omitting the bounds check on a non-allocating form of operator new[] means running the initialization code.

[[nodiscard]] void *operator new[](decltype(sizeof 0), void *) noexcept;
extern "C" void abort();
int *f(void *p, int sz) { return new (p) int[sz] {0, (abort(), 1)}; }

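The two comments above describe the check that the C++11 code path emits (clamp a negative, sign-extended size to -1, i.e. SIZE_MAX, so the allocator call fails) and the consequence of dropping it for placement new[] (the initialisers run with a bogus bound). The following is an added example, not code from the issue or from Clang: it spells out that validation in plain C++ so the expected behaviour can be checked without reading IR. The names clamp_array_size, checked_new_array and rejects_negative are ours; the extra overflow guard on the element-size multiplication is also an addition beyond what the issue's IR shows.

```cpp
// Added example, not part of the LLVM issue. Reproduces in source form the size
// validation a conforming compiler must perform before calling operator new[].
#include <cstddef>
#include <cstdio>
#include <limits>
#include <new>

// Mirrors the C++11-mode IR quoted in the issue: a negative sign-extended bound
// becomes -1 (SIZE_MAX as an unsigned), a size no allocator can satisfy.
// We additionally reject a count whose byte size would overflow size_t.
std::size_t clamp_array_size(long long n, std::size_t elem_size) {
    const std::size_t kBad = std::numeric_limits<std::size_t>::max();
    if (n < 0) return kBad;                                   // the check C++14 mode drops
    unsigned long long count = static_cast<unsigned long long>(n);
    if (elem_size != 0 && count > kBad / elem_size) return kBad;  // n * elem_size would wrap
    return static_cast<std::size_t>(count * elem_size);
}

// What the standard asks for from C++11 onwards: a negative or overflowing
// array bound results in std::bad_array_new_length, so neither operator new[]
// is called with a garbage size nor (for placement new[]) any initialiser run.
template <typename T>
T* checked_new_array(long long n) {
    if (clamp_array_size(n, sizeof(T)) == std::numeric_limits<std::size_t>::max())
        throw std::bad_array_new_length();
    return new T[static_cast<std::size_t>(n)]();
}

// True when the request is rejected before any allocation takes place.
bool rejects_negative(long long n) {
    try {
        int* p = checked_new_array<int>(n);
        delete[] p;
        return false;
    } catch (const std::bad_array_new_length&) {
        return true;
    }
}

int main() {
    std::printf("new int[4]  rejected: %d\n", rejects_negative(4));   // 0
    std::printf("new int[-1] rejected: %d\n", rejects_negative(-1));  // 1
    return 0;
}
```

The clamp-to-SIZE_MAX step is the observable difference between the two IR listings in the issue: with it, a negative bound reaches operator new[] as an impossible size and allocation fails; without it, the sign-extended value is passed through unchanged, which is the behaviour the issue reports for -std=c++14.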
@hubert-reinterpretcast

mentioned in issue llvm/llvm-bugzilla-archive#38300

@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 10, 2021
@Endilll Endilll added the clang:to-be-triaged Should not be used for new issues label Jul 24, 2024
@frederick-vs-ja

This is CWG1061.

@frederick-vs-ja frederick-vs-ja added clang:frontend Language frontend issues, e.g. anything involving "Sema" and removed clang:to-be-triaged Should not be used for new issues labels Dec 31, 2024
@llvmbot

llvmbot commented Dec 31, 2024

@llvm/issue-subscribers-clang-frontend

Author: Tim Northover (TNorthover)

