Submitter: UK C Panel
Submission Date: 2001-09-07
Source: Clive D.W. Feather <clive@demon.net>
Version: 1.2
Date: 2004-03-06
Subject: overflow of sizeof
Consider the following code:
    char x [SIZE_MAX / 2][SIZE_MAX / 2];
    size_t s = sizeof x;
The size of x cannot be fitted into an object of type size_t. Assuming that SIZE_MAX is 65535, what is the value of s? More generally, which of the following is, or should be, the case?
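The following program is an added illustration, not part of the defect report. It models the report's assumption (SIZE_MAX is 65535) with a hypothetical 16-bit size type and shows two things a practitioner cares about when a size computation exceeds size_t: the value a silent modular reduction (the 6.3.1.3 reading) would produce for sizeof x, and an overflow-checked multiplication that detects the condition instead. The names MODEL_SIZE_MAX, wrapped_size and checked_size_mul are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 16-bit model of size_t, matching the report's assumption
 * that SIZE_MAX is 65535. Assumed value, chosen for illustration only. */
#define MODEL_SIZE_MAX 65535u

/* The value sizeof x would take if the true size were reduced modulo
 * (SIZE_MAX + 1), i.e. converted to the model size_t as 6.3.1.3 describes
 * for unsigned types. The exact product is computed in 64-bit arithmetic
 * so the reduction itself is the only source of information loss. */
static uint16_t wrapped_size(uint32_t n1, uint32_t n2)
{
    uint64_t exact = (uint64_t)n1 * n2;
    return (uint16_t)(exact % ((uint64_t)MODEL_SIZE_MAX + 1));
}

/* Overflow-checked multiplication: stores n1 * n2 in *out and returns true
 * only when the product fits in a type whose maximum is max. The division
 * test avoids any intermediate overflow, so it is safe to use with the
 * native SIZE_MAX as well as with the 16-bit model. */
static bool checked_size_mul(uint64_t n1, uint64_t n2, uint64_t max, uint64_t *out)
{
    if (n1 != 0 && n2 > max / n1)
        return false;               /* product would exceed max */
    *out = n1 * n2;
    return true;
}

int main(void)
{
    uint64_t dim = MODEL_SIZE_MAX / 2;  /* 32767, as in the report's declaration */
    uint64_t exact;

    if (checked_size_mul(dim, dim, MODEL_SIZE_MAX, &exact)) {
        printf("size %llu fits in the model size_t\n", (unsigned long long)exact);
    } else {
        /* The true size (32767 * 32767) does not fit; a modular reduction
         * would silently yield 1, which is the value wrapped_size reports. */
        printf("size of char[%llu][%llu] exceeds SIZE_MAX; modular reduction would give %u\n",
               (unsigned long long)dim, (unsigned long long)dim,
               wrapped_size((uint32_t)dim, (uint32_t)dim));
    }

    /* A product that does fit is accepted and returned unchanged. */
    if (checked_size_mul(200, 300, MODEL_SIZE_MAX, &exact))
        printf("200 * 300 = %llu fits\n", (unsigned long long)exact);
    return 0;
}
```

The checked form is the one to use when dimensions are not compile-time constants: a wrapped value such as 1 would pass straight into an allocator and yield a buffer far smaller than the object it is meant to hold.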
6.5.3.4#2 says in part:
[#2] The sizeof operator yields the size (in bytes) of its operand, which may be an expression or the parenthesized name of a type. The size is determined from the type of the operand. The result is an integer.
Note that there is no indication that the result may be other than the correct size.
Suggested Technical Corrigendum
One of:
If the size is too large to fit in an object of type size_t, it is converted to that type in the manner described in subclause 6.3.1.3.
If the size is too large to fit in an object of type size_t, it is replaced by an implementation-defined value.
[#1a] The sizeof operator shall not be applied to an operand whose size, in bytes, is larger than the maximum value of the type size_t.
The implementation shall ensure that the type size_t is large enough to hold the result of all uses of the sizeof operator.
[Some of these are less than wonderful, and consideration should also be given to the interaction with VLAs.]
Committee Discussion
The committee has deliberated and decided that more than one interpretation is reasonable. Translation limits do not apply to objects whose size is determined at runtime.
    sizeof(a[SIZE_MAX/2][SIZE_MAX/2]);
The program is not strictly conforming because it exceeds an environmental limit.
Committee Response
The program is not strictly conforming because it exceeds an environmental limit. If the implementation generates code, there is no requirement for a diagnostic. In the event that sizeof is called on the object, a diagnostic can be issued, but is not required.