array cookie rules are vague and misleading for multidimensional arrays #125
Description
We currently say this about array cookies:
When operator new is used to create a new array, a cookie is usually stored to remember the allocated length (number of array elements) so that it can be deallocated correctly.
Specifically:
No cookie is required if the array element type T has a trivial destructor (12.4 [class.dtor]) and the usual (array) deallocation function (3.7.3.2 [basic.stc.dynamic.deallocation]) function does not take two arguments.
... and then we say that we allocate a number of bytes equal to sizeof(T) * n plus some overhead, and store n in the array cookie.
That's wrong, though: in the case where the array element type is itself an array type, all implementations actually recursively decompose the allocated type down to a non-array type, and then apply the above rules with n being the product of the array bounds.
Maybe solving this could be as simple as adding: "For the purpose of this rule, multidimensional arrays T[a][b]... are first flattened to single-dimensional arrays T[a*b*...]." or similar?