| Bug#: 14975 | Product: gcc | Version: 3.4.0 |
| Host: i686-pc-linux-gnu | Target: i686-pc-linux-gnu | Build: i686-pc-linux-gnu |
| Status: RESOLVED | Severity: normal | Priority: P2 |
| Resolution: FIXED | Assigned To: paolo.carlini@oracle.com | Reported By: peturrun@gmail.com |
| Component: libstdc++ | Target Milestone: 3.4.1 |
| Summary: [3.4 only] Segfault on low-level write error during imbue |
| Keywords: |
| Opened: 2004-04-16 13:44 | Last confirmed: 2004-04-16 14:03 |
Description:
This bit from basic_filebuf::imbue in include/bits/fstream.tcc can't
possibly be correct:

            else if (_M_writing && (__testvalid = _M_terminate_output()))
              _M_set_buffer(-1);
          }
      }
    if (__testvalid)
      _M_codecvt = _M_codecvt_tmp;

If __testvalid is false for some reason (for example because
_M_terminate_output returned false because of a low-level write error),
then _M_codecvt will still point to the codecvt facet from the old locale.
Since no reference is kept to the old locale, the facet may be deleted at
any time, and so keeping a pointer to it is certainly wrong.
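
The lifetime problem described above, as an added example that is not libstdc++ code and not part of the original report. `TrackedFacet`, `Buf`, `make_locale` and the `flush_ok` parameter are hypothetical names; `flush_ok` stands in for the result of `_M_terminate_output()`. The model shows that the old locale's facet is destroyed as soon as the buffer drops that locale, whether or not the flush succeeded, and it clears the cached pointer on failure so a later write fails cleanly.

```cpp
#include <locale>
#include <string>

// Constructed stand-in for a facet such as codecvt; counts live instances.
struct TrackedFacet : std::locale::facet {
    static std::locale::id id;
    static int live;
    TrackedFacet() : std::locale::facet(0) { ++live; }  // refs == 0: the locale deletes it
    ~TrackedFacet() { --live; }
    char convert(char c) const { return c; }
};
std::locale::id TrackedFacet::id;
int TrackedFacet::live = 0;
std::locale make_locale() { return std::locale(std::locale::classic(), new TrackedFacet); }

// Hypothetical buffer caching a facet pointer, as basic_filebuf caches _M_codecvt.
class Buf {
    std::locale loc_;          // current locale; it alone keeps the facet alive
    const TrackedFacet* cvt_;  // cached pointer, valid only while loc_ owns the facet
public:
    explicit Buf(const std::locale& l) : loc_(l), cvt_(&std::use_facet<TrackedFacet>(loc_)) {}
    // flush_ok models the result of _M_terminate_output().
    bool imbue(const std::locale& l, bool flush_ok) {
        const TrackedFacet* tmp = &std::use_facet<TrackedFacet>(l);
        loc_ = l;                         // last reference to the old locale is dropped
        cvt_ = flush_ok ? tmp : nullptr;  // on error, do not keep the old pointer
        return flush_ok;
    }
    bool put(char c, std::string& out) const {
        if (!cvt_) return false;          // fail the write rather than dereference
        out += cvt_->convert(c);
        return true;
    }
};

// Facets still alive after imbue: only the new locale's, whether or not the flush worked.
int live_after_imbue(bool flush_ok) {
    Buf b(make_locale());
    b.imbue(make_locale(), flush_ok);
    return TrackedFacet::live;
}

bool put_after_imbue(bool flush_ok) {
    Buf b(make_locale());
    b.imbue(make_locale(), flush_ok);
    std::string out;
    return b.put('x', out) && out == "x";
}
int main() { return (live_after_imbue(false) == 1 && !put_after_imbue(false)) ? 0 : 1; }
```

The null check in `put` is an assumption of this model; the report does not show how libstdc++ handles a null `_M_codecvt` at its use sites.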
Created an attachment (id=6094)
Test case
This test case shows a segfault after a low-level write error.
Created an attachment (id=6095)
Test case
This test case shows a segfault when an overridden version of
overflow returns eof().
Hi Pétur, thanks for the testcases. Indeed, while working on 12077 I had noticed that something was wrong... but had hoped nobody would notice ;)
Subject: Bug 14975

CVSROOT: /cvs/gcc
Module name: gcc
Changes by: paolo@gcc.gnu.org 2004-04-16 16:06:22

Modified files:
    libstdc++-v3 : ChangeLog
    libstdc++-v3/include/bits: fstream.tcc
Added files:
    libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/char: 14975-1.cc
    libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/wchar_t: 14975-2.cc

Log message:
    2004-04-16 Paolo Carlini <pcarlini@suse.de>

    PR libstdc++/14975
    * include/bits/fstream.tcc (basic_filebuf::imbue): Zero _M_codecvt in case of error.
    * testsuite/27_io/basic_filebuf/imbue/char/14975-1.cc: New.
    * testsuite/27_io/basic_filebuf/imbue/wchar_t/14975-2.cc: New.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/ChangeLog.diff?cvsroot=gcc&r1=1.2449&r2=1.2450
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/include/bits/fstream.tcc.diff?cvsroot=gcc&r1=1.120&r2=1.121
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/char/14975-1.cc.diff?cvsroot=gcc&r1=NONE&r2=1.1
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/wchar_t/14975-2.cc.diff?cvsroot=gcc&r1=NONE&r2=1.1
if (__testvalid)
_M_codecvt = _M_codecvt_tmp;
+ else
+ _M_codecvt = 0;
}
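Review bot: in the new else branch, `_M_codecvt = 0` makes a null facet pointer a reachable state, but nothing in the hunk documents that state or shows the code that later uses `_M_codecvt` guarding against it. Add a short comment on the else saying that a null `_M_codecvt` marks a failed imbue, and confirm that every place that dereferences the pointer tests it first, so the failure surfaces as an I/O error rather than a null dereference.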
It would probably also be a good idea to somehow signal the error in
overflow (for example by throwing an exception).
Subject: Bug 14975

CVSROOT: /cvs/gcc
Module name: gcc
Branch: gcc-3_4-branch
Changes by: paolo@gcc.gnu.org 2004-04-29 10:26:44

Modified files:
    libstdc++-v3 : ChangeLog
    libstdc++-v3/include/bits: fstream.tcc
Added files:
    libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/char: 14975-1.cc
    libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/wchar_t: 14975-2.cc

Log message:
    2004-04-29 Paolo Carlini <pcarlini@suse.de>

    PR libstdc++/14975
    * include/bits/fstream.tcc (basic_filebuf::imbue): Zero _M_codecvt in case of error.
    * testsuite/27_io/basic_filebuf/imbue/char/14975-1.cc: New.
    * testsuite/27_io/basic_filebuf/imbue/wchar_t/14975-2.cc: New.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=1.2224.2.87&r2=1.2224.2.88
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/include/bits/fstream.tcc.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=1.116.4.4&r2=1.116.4.5
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/char/14975-1.cc.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=NONE&r2=1.1.6.1
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/wchar_t/14975-2.cc.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=NONE&r2=1.1.6.1