This is an unofficial snapshot of the ISO/IEC JTC1 SC22 WG21 Core Issues List revision 110b. See http://www.open-std.org/jtc1/sc22/wg21/ for the official list.

2023-01-15


1061. Negative array bounds in a new-expression

Section: 7.6.2.8  [expr.new]     Status: C++11     Submitter: Sean Hunt     Date: 2010-03-23

[Voted into the WP at the November, 2010 meeting.]

Recent changes have added the requirement (7.6.2.8 [expr.new] paragraph 7),

If the value of that expression is such that the size of the allocated object would exceed the implementation-defined limit, no storage is obtained and the new-expression terminates by throwing an exception of a type that would match a handler (14.4 [except.handle]) of type std::bad_array_new_length (17.6.4.2 [new.badlength]).

Given this checking, is there any current reason for the statement in the preceding paragraph,

If the value of the expression is negative, the behavior is undefined.

Presumably for most negative expressions on most platforms, a negative value would result in a too-large request anyway, and even if not the check could easily be expanded to look explicitly for a negative value in addition to a too-large request.

Proposed resolution (September, 2010):

  1. Change 7.6.2.8 [expr.new] paragraphs 6 and 7 as follows:

    ...If the value of the expression is negative, the behavior is undefined. [Example: given the definition int n = 42, new float[n][5] is well-formed (because n is the expression of a noptr-new-declarator), but new float[5][n] is ill-formed (because n is not a constant expression). If n is negative, the effect of new float[n][5] is undefined. --end example]

    When the value of the expression in a noptr-new-declarator is zero, the allocation function is called to allocate an array with no elements. If the value of that expression is less than zero or such that the size of the allocated object would exceed the implementation-defined limit, no storage is obtained and the new-expression terminates by throwing an exception of a type that would match a handler (14.4 [except.handle]) of type std::bad_array_new_length (17.6.4.2 [new.badlength]).

  2. Change 17.6.4.2 [new.badlength] paragraph 1 as follows:

    The class bad_array_new_length defines the type of objects thrown as exceptions by the implementation to report an attempt to allocate an array of size less than zero or greater than an implementation-defined limit (7.6.2.8 [expr.new]).
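
The following is an added example, not part of the issues list or the Standard. It evaluates the issue's own new float[n][5] with a run-time bound and reports which exception results, next to the explicit negative-or-too-large check the issue describes. The names Outcome, g_sink, bound_is_valid and probe are hypothetical, and using the largest std::size_t value as the limit is an assumption (the implementation-defined limit may be lower).

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>
#include <new>

enum class Outcome { Allocated, BadArrayNewLength, BadAlloc };

// The pointer is stored here so the optimizer cannot elide the new/delete pair.
static void* volatile g_sink;

// Explicit pre-check in the spirit of the issue: reject a negative bound, then a
// bound whose byte size is not representable. Assumption: SIZE_MAX stands in for
// the implementation-defined limit, which may be smaller in practice.
bool bound_is_valid(long long rows, std::size_t row_bytes) {
    if (rows < 0) return false;
    const std::size_t limit = std::numeric_limits<std::size_t>::max() / row_bytes;
    return static_cast<unsigned long long>(rows) <= limit;
}

// Evaluate `new float[rows][5]` with a run-time bound and classify the result.
Outcome probe(long long rows) {
    try {
        float (*p)[5] = new float[rows][5];
        g_sink = p;
        delete[] p;
        return Outcome::Allocated;
    } catch (const std::bad_array_new_length&) {
        return Outcome::BadArrayNewLength;  // the type named in the resolution
    } catch (const std::bad_alloc&) {
        // Base class of bad_array_new_length: reached when the request is
        // instead refused inside the allocation function.
        return Outcome::BadAlloc;
    }
}

int main() {
    // Constructed sample bounds: zero, the issue's 42, negative, and too large.
    const long long samples[] = {0, 42, -1, std::numeric_limits<long long>::max()};
    for (long long n : samples)
        std::printf("rows=%lld valid=%d outcome=%d\n", n,
                    bound_is_valid(n, sizeof(float[5])),
                    static_cast<int>(probe(n)));
}
```

Because std::bad_array_new_length derives from std::bad_alloc, a handler for std::bad_alloc also matches it; code that takes an array length from untrusted input should still validate the signed value before the new-expression rather than rely on the exception alone.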