Bug 10300 - [3.2 regression] use of array-new (nothrow) in segfaults on NULL return
Status: RESOLVED FIXED
Product: gcc
Classification: Unclassified
Component: c++
unknown
: P3 normal
: ---
Assigned To: Mark Mitchell
: wrong-code
Depends on:
Blocks:
Reported: 2003-04-02 23:46 UTC by jaf
Modified: 2003-07-25 17:33 UTC (History)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:


Attachments
membug.tar.gz (7.05 KB, application/x-gzip )
2003-05-21 15:17 UTC, jaf
Details

Description jaf 2003-04-02 23:46:01 UTC
The attached program demonstrates a bug in gcc.  It simulates
an out-of-memory condition by overloading the
new (nothrow) operators to return NULL, and then tries
to allocate an array of items that are the inner class
of a template.  new (nothrow) should return NULL, but
instead, the program segfaults.  The fault occurs after
the custom new operator returns NULL, but before the
new (nothrow) command completes.

Release:
unknown

Environment:
Red Hat Linux 8 on a Dual P3/650 256MB

How-To-Repeat:
g++ membug.zpp
./membug

(should segfault after several lines of output)
Comment 1 jaf 2003-04-02 23:46:01 UTC
Fix:
Fixed in GCC 3.3 with:

  http://gcc.gnu.org/ml/gcc-patches/2003-04/msg00947.html

and in GCC 3.4 with:

  http://gcc.gnu.org/ml/gcc-patches/2003-04/msg00948.html
Comment 2 Wolfgang Bangerth 2003-04-03 14:45:13 UTC
State-Changed-From-To: open->analyzed
State-Changed-Why: Behavior confirmed. Here's a slightly trimmed example:
    -----------------------------
    #include <cstddef>   // std::size_t, NULL
    #include <new>       // std::nothrow, std::nothrow_t
    
    // Replacement nothrow array-new that simulates out-of-memory:
    // every array allocation reports failure by returning NULL.
    void * operator new[](std::size_t, std::nothrow_t const &) throw()
    { return NULL; }
    
    struct X {
        // Nested type with a user-provided (non-trivial) destructor.
        struct Inner { ~Inner() {} };
    
        X() {
          // Expected: ic == NULL. Observed with 3.2/3.3: SegFault here
          Inner * ic = new (std::nothrow) Inner[1];
        }
    };
    
    int main() {
       X table;
    }
    -----------------------------------
    It segfaults at the indicated line when compiled with
    3.2, 3.3 and mainline, but not with 2.95, so assuming
    the code is doing something legal, this is a regression.
    To be honest, I don't know what the standard assumes
    happens for this program, so this needs someone more
    familiar with these things.
    
    W.
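The following program is an added example, not code from the bug report or from GCC: it turns the reporter's technique (replace the nothrow array-new so that allocation failure can be simulated) into a self-checking regression test for the behaviour this PR expects. The element type has a user-provided destructor, as `Inner` does in the reproducer; for such types the compiler stores the element count in front of the array, so the pointer returned by the allocation function must be tested for NULL before that count is written, which is the check `build_new_1` got wrong. The names `g_simulate_oom`, `g_last_request`, `Table` and the three check functions are this example's own.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>

// Constructed harness: the nothrow array-new is replaced so that an
// out-of-memory condition can be simulated on demand (the reporter's approach).
static bool g_simulate_oom = false;     // assumption: toggled by the check functions
static std::size_t g_last_request = 0;  // byte count the compiler asked for

void *operator new[](std::size_t n, const std::nothrow_t &) noexcept {
    g_last_request = n;
    if (g_simulate_oom)
        return NULL;                    // nothrow contract: failure is reported as NULL
    return ::operator new(n, std::nothrow);
}

struct Table {
    // Nested class with a non-trivial destructor, as in the reproducer.
    // Array-new of such a type stores the element count in front of the
    // elements, so a NULL result from the allocator must be detected before
    // that count is written.
    struct Inner {
        int value;
        Inner() : value(42) {}
        ~Inner() {}
    };

    Inner *items;
    std::size_t count;

    explicit Table(std::size_t n)
        : items(new (std::nothrow) Inner[n]), count(n) {}
    ~Table() { delete[] items; }        // delete[] of NULL destroys nothing
    bool ok() const { return items != NULL; }
};

// Expected behaviour: a failed nothrow array-new yields NULL and no crash.
bool allocation_failure_is_reported() {
    g_simulate_oom = true;
    Table t(1);
    g_simulate_oom = false;
    return !t.ok();
}

// Control case: with memory available, the elements are constructed.
bool allocation_success_constructs_elements() {
    g_simulate_oom = false;
    Table t(3);
    return t.ok() && t.count == 3 &&
           t.items[0].value == 42 && t.items[2].value == 42;
}

// The request handed to the allocator is larger than sizeof(Inner) * n
// because of the element-count prefix; the prefix is what the buggy
// compiler wrote through a NULL pointer.
bool request_exceeds_element_storage() {
    g_simulate_oom = false;
    Table t(4);
    return g_last_request > 4 * sizeof(Table::Inner);
}

int main() {
    std::printf("failure reported as NULL: %s\n",
                allocation_failure_is_reported() ? "yes" : "no");
    std::printf("success constructs elements: %s\n",
                allocation_success_constructs_elements() ? "yes" : "no");
    std::printf("request includes count prefix: %s\n",
                request_exceeds_element_storage() ? "yes" : "no");
    return 0;
}
```

On a compiler with the fix, all three checks report "yes"; on an affected 3.2/3.3 build the first one crashes instead of returning, which is the regression this PR tracks. Callers that use the nothrow form must still test the result themselves: `Table::ok()` is the place such a check belongs in real code.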
Comment 3 Mark Mitchell 2003-04-12 01:31:32 UTC
Responsible-Changed-From-To: unassigned->mmitchel
Responsible-Changed-Why: Working on a fix.
Comment 4 Mark Mitchell 2003-04-13 17:49:39 UTC
From: mmitchel@gcc.gnu.org
To: gcc-gnats@gcc.gnu.org
Cc:  
Subject: c++/10300
Date: 13 Apr 2003 17:49:39 -0000

 CVSROOT:	/cvs/gcc
 Module name:	gcc
 Branch: 	gcc-3_3-branch
 Changes by:	mmitchel@gcc.gnu.org	2003-04-13 17:49:39
 
 Modified files:
 	gcc/cp         : ChangeLog init.c 
 	gcc/testsuite  : ChangeLog 
 Added files:
 	gcc/testsuite/g++.dg/init: new5.C 
 
 Log message:
 	PR c++/10300
 	* init.c (build_new_1): Correct logic for checking whether the
 	return value from the allocation function was zero.
 	
 	PR c++/10300
 	* g++.dg/init/new5.C: New test.
 
 Patches:
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/cp/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.3076.2.103&r2=1.3076.2.104
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/cp/init.c.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.299.2.4&r2=1.299.2.5
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.2261.2.138&r2=1.2261.2.139
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/g++.dg/init/new5.C.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=NONE&r2=1.1.2.1
 

Comment 6 Mark Mitchell 2003-04-13 17:54:04 UTC
From: mmitchel@gcc.gnu.org
To: gcc-gnats@gcc.gnu.org
Cc:  
Subject: c++/10300
Date: 13 Apr 2003 17:54:04 -0000

 CVSROOT:	/cvs/gcc
 Module name:	gcc
 Changes by:	mmitchel@gcc.gnu.org	2003-04-13 17:54:03
 
 Modified files:
 	gcc/cp         : ChangeLog init.c 
 	gcc/testsuite  : ChangeLog 
 Added files:
 	gcc/testsuite/g++.dg/init: new5.C 
 
 Log message:
 	PR c++/10300
 	* init.c (build_new_1): Reorganize.
 	
 	PR c++/10300
 	* g++.dg/init/new5.C: New test.
 
 Patches:
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/cp/ChangeLog.diff?cvsroot=gcc&r1=1.3322&r2=1.3323
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/cp/init.c.diff?cvsroot=gcc&r1=1.316&r2=1.317
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&r1=1.2589&r2=1.2590
 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/g++.dg/init/new5.C.diff?cvsroot=gcc&r1=1.1&r2=1.2
 

Comment 8 Joe Buck 2003-04-25 20:01:58 UTC
State-Changed-From-To: analyzed->closed
State-Changed-Why: Fixed for the next release (3.3).