Just out of curiosity, is the following legal?
X* p = static_cast<X*>(operator new[](3 * sizeof(X)));
new(p + 0) X();
new(p + 1) X();
new(p + 2) X();
delete[] p; // Am I allowed to use delete[] here? Or is it undefined behavior?
Similarly:
X* q = new X[3]();
(q + 2)->~X();
(q + 1)->~X();
(q + 0)->~X();
operator delete[](q);
I'm pretty sure both give UB.
§5.3.4/12 says the array form of a new expression may add some arbitrary amount of overhead to the amount of memory allocated. The array delete can/could then do something with the extra memory it expects to be there, but isn't since you didn't allocate the extra space it expects. At the very least it's normally going to at least compensate for the amount of extra memory it expected to be allocated to get back to the address it believes was returned from operator new
-- but since you haven't allocated extra memory or applied an offset, when it does to it'll pass a pointer to operator delete[]
that wasn't returned from operator new[]
, leading to UB (and, in fact, even attempting to form the address before the beginning of the returned address is technically UB).
The same section says that if it allocates extra memory, it has to offset the returned pointer by the amount of that overhead. When/if you call operator delete[]
with the pointer that was returned from the new expression without compensating for the offset, you're calling operator delete[]
with a pointer that's different from the one operator new[]
returned, giving UB again.
§5.3.4/12 is a non-normative note, but I don't see anything in the normative text to contradict it.