<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<TITLE>
    CWG Issue 256</TITLE>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<STYLE TYPE="text/css">
  INS { text-decoration:none; font-weight:bold; background-color:#A0FFA0 }
  .INS { text-decoration:none; background-color:#D0FFD0 }
  DEL { text-decoration:line-through; background-color:#FFA0A0 }
  .DEL { text-decoration:line-through; background-color: #FFD0D0 }
  @media (prefers-color-scheme: dark) {
    HTML { background-color:#202020; color:#f0f0f0; }
    A { color:#5bc0ff; }
    A:visited { color:#c6a8ff; }
    A:hover, a:focus { color:#afd7ff; }
    INS { background-color:#033a16; color:#aff5b4; }
    .INS { background-color: #033a16; }
    DEL { background-color:#67060c; color:#ffdcd7; }
    .DEL { background-color:#67060c; }
  }
  SPAN.cmnt { font-family:Times; font-style:italic }
</STYLE>
</HEAD>
<BODY>
<P><EM>This is an unofficial snapshot of the ISO/IEC JTC1 SC22 WG21
  Core Issues List revision 118b.
  See http://www.open-std.org/jtc1/sc22/wg21/ for the official
  list.</EM></P>
<P>2025-09-28</P>
<HR>
<A NAME="256"></A><H4>256.
  
Overflow in size calculations
</H4>
<B>Section: </B>7.6.2.8&#160; [<A href="https://wg21.link/expr.new">expr.new</A>]
 &#160;&#160;&#160;

 <B>Status: </B>CD1
 &#160;&#160;&#160;

 <B>Submitter: </B>James Kanze
 &#160;&#160;&#160;

 <B>Date: </B>15 Oct 2000<BR>


<P>[Voted into the WP at the September, 2008 meeting.]</P>

<P>[Picked up by evolution group at October 2002 meeting.]</P>

<P>(See also <A HREF="476.html">issue 476</A>.)</P>



<P>The size requested by an array allocation is computed by multiplying
the number of elements requested by the size of each element and adding
an implementation-specific amount for overhead.  It is possible for this
calculation to overflow.  Is an implementation required to detect this
situation and, for instance, throw <TT>std::bad_alloc</TT>?</P>

<P>On one hand, the maximum allocation size is one of the implementation
limits specifically mentioned in Annex Clause Annex B [<A href="https://wg21.link/implimits">implimits</A>], and,
according to 4.1 [<A href="https://wg21.link/intro.compliance#2">intro.compliance</A>] paragraph 2, an implementation
is only required to "accept and correctly execute" programs that do
not violate its resource limits.</P>

<P>On the other hand, it is difficult or impossible for user code
to detect such overflows in a portable fashion, especially given that
the array allocation overhead is not fixed, and it would be a
service to the user to handle this situation gracefully.</P>

<P><B>Rationale (04/01):</B></P>

<P>Each implementation is required to document the maximum size
of an object (Annex Clause Annex B [<A href="https://wg21.link/implimits">implimits</A>]).  It is not
difficult for a program to check array allocations to ensure
that they are smaller than this quantity.  Implementations
can provide a mechanism in which users concerned with this
problem can request extra checking before array allocations,
just as some implementations provide checking for array index
and pointer validity.  However, it would not be appropriate to
require this overhead for every array allocation in every
program.</P>

<P>(See <A HREF="624.html">issue 624</A> for a request to
reconsider this resolution.)</P>

<P><B>Note (March, 2008):</B></P>

<P>The Evolution Working Group has accepted the intent of this
issue and referred it to CWG for action for C++0x (see paper
J16/07-0033 = WG21 N2173).</P>

<P><B>Proposed resolution (September, 2008):</B></P>

<P>This issue is resolved by the resolution of <A HREF="624.html">issue 624</A>, given in paper N2757.</P>

<BR><BR>
</BODY>
</HTML>
