[uecker]

What is wrong with multi-dimensional arrays in C? It works far better than in C++:

void foo(int X, int Y) { double a[X][Y]; .. }

In fact, this is one reason I switched away from C++, because arrays are so bad in C++.

[pjmlp]

That is a CVE waiting to be exploited.

[uecker]

No.

[pjmlp]

It definitely is, given a nice combination of parameter values, stack sizes and careless programming.

[uecker]

It is not more unsafe than fixed-sized arrays on the stack and stack clash protection (which you need anyway) protects against this. Also if you compare with C++ and use std::vector, surprise, a CVE about to happen: https://godbolt.org/z/cTG71aTsf

(yes, one can activate library assertions, but still - by default - unsafe)