This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug libstdc++/80893] New: std::vector<bool> creation dereferences null pointer


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80893

            Bug ID: 80893
           Summary: std::vector<bool> creation dereferences null pointer
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: terra at gnome dot org
  Target Milestone: ---

Created attachment 41426
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41426&action=edit
g++ -E output, just in case it's needed

It looks like copying a pristine vector<bool> or initializing one
with an explicit length of zero involves dereferencing a null pointer
although nothing is actually done with the result.  -fsanitize is unhappy
with that.


# cat test.C
#include <vector>

int main() {
  // OK
  std::vector<bool> a;

  // Fails.
  std::vector<bool> b(a);

  // Fails.
  std::vector<bool> c(0);

  (void)a;
  (void)b;
  (void)c;
  return 0;
}


# /usr/local/products/gcc/7.1.0/bin/g++ -v -D_GLIBCXX_DEBUG
-fsanitize=undefined -O test.C -Wl,-rpath,/usr/local/products/gcc/7.1.0/lib64
-fsanitize=undefined
Using built-in specs.
COLLECT_GCC=/usr/local/products/gcc/7.1.0/bin/g++
COLLECT_LTO_WRAPPER=/usr/local/products/gcc/7.1.0/lib/gcc/x86_64-suse-linux/7.1.0/lto-wrapper
Target: x86_64-suse-linux
Configured with: ../../gcc-7.1.0/configure --enable-languages=c,c++,fortran
--enable-targets=x86_64-suse-linux,i686-suse-linux
--prefix=/usr/local/products/gcc/7.1.0 --with-gnu-as
--with-as=/usr/local/products/gcc/binutils-2.26/bin/as --with-gnu-ld
--with-ld=/usr/local/products/gcc/binutils-2.26/bin/ld.bfd
--with-gmp=/usr/local/products/gcc/gmp-6.1.0
--with-mpfr=/usr/local/products/gcc/mpfr-3.1.4
--with-mpc=/usr/local/products/gcc/mpc-1.0.3 --enable-threads=posix
--enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=pool
x86_64-suse-linux
Thread model: posix
gcc version 7.1.0 (GCC) 
COLLECT_GCC_OPTIONS='-v' '-D' '_GLIBCXX_DEBUG' '-fsanitize=undefined' '-O'
'-fsanitize=undefined' '-shared-libgcc' '-mtune=generic' '-march=x86-64'
 /usr/local/products/gcc/7.1.0/lib/gcc/x86_64-suse-linux/7.1.0/cc1plus -quiet
-v -D_GNU_SOURCE -D _GLIBCXX_DEBUG test.C -quiet -dumpbase test.C
-mtune=generic -march=x86-64 -auxbase test -O -version -fsanitize=undefined
-fsanitize=undefined -o /tmp/ccjJFQr4.s
GNU C++14 (GCC) version 7.1.0 (x86_64-suse-linux)
        compiled by GNU C version 7.1.0, GMP version 6.1.0, MPFR version 3.1.4,
MPC version 1.0.3, isl version none
warning: MPFR header version 3.1.4 differs from library version 3.1.3.
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
ignoring nonexistent directory
"/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/../../../../x86_64-suse-linux/include"
#include "..." search starts here:
#include <...> search starts here:

/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/../../../../include/c++/7.1.0

/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/../../../../include/c++/7.1.0/x86_64-suse-linux

/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/../../../../include/c++/7.1.0/backward
 /usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/include
 /usr/local/include
 /usr/local/products/gcc/7.1.0/include
 /usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/include-fixed
 /usr/include
End of search list.
GNU C++14 (GCC) version 7.1.0 (x86_64-suse-linux)
        compiled by GNU C version 7.1.0, GMP version 6.1.0, MPFR version 3.1.4,
MPC version 1.0.3, isl version none
warning: MPFR header version 3.1.4 differs from library version 3.1.3.
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 2b9455e910d94e4d2b3b828bd090b81a
COLLECT_GCC_OPTIONS='-v' '-D' '_GLIBCXX_DEBUG' '-fsanitize=undefined' '-O'
'-fsanitize=undefined' '-shared-libgcc' '-mtune=generic' '-march=x86-64'
 /usr/local/products/gcc/binutils-2.26/bin/as -v --64 -o /tmp/ccJ4ZfpM.o
/tmp/ccjJFQr4.s
GNU assembler version 2.26 (x86_64-suse-linux) using BFD version (GNU Binutils)
2.26.20160125
COMPILER_PATH=/usr/local/products/gcc/7.1.0/lib/gcc/x86_64-suse-linux/7.1.0/:/usr/local/products/gcc/7.1.0/lib/gcc/x86_64-suse-linux/7.1.0/:/usr/local/products/gcc/7.1.0/lib/gcc/x86_64-suse-linux/:/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/:/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/
LIBRARY_PATH=/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/:/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/../../../../lib64/:/lib/../lib64/:/usr/lib/../lib64/:/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/../../../:/lib/:/usr/lib/
COLLECT_GCC_OPTIONS='-v' '-D' '_GLIBCXX_DEBUG' '-fsanitize=undefined' '-O'
'-fsanitize=undefined' '-shared-libgcc' '-mtune=generic' '-march=x86-64'
 /usr/local/products/gcc/7.1.0/lib/gcc/x86_64-suse-linux/7.1.0/collect2 -plugin
/usr/local/products/gcc/7.1.0/lib/gcc/x86_64-suse-linux/7.1.0/liblto_plugin.so
-plugin-opt=/usr/local/products/gcc/7.1.0/lib/gcc/x86_64-suse-linux/7.1.0/lto-wrapper
-plugin-opt=-fresolution=/tmp/ccZY0Eou.res -plugin-opt=-pass-through=-lgcc_s
-plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lc
-plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lgcc
--eh-frame-hdr -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2
/usr/lib/../lib64/crt1.o /usr/lib/../lib64/crti.o
/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/crtbegin.o
-L/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0
-L/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/../../../../lib64
-L/lib/../lib64 -L/usr/lib/../lib64
-L/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/../../..
/tmp/ccJ4ZfpM.o -rpath /usr/local/products/gcc/7.1.0/lib64 -lstdc++ -lm -lubsan
-lgcc_s -lgcc -lc -lgcc_s -lgcc
/usr/local/products/gcc/7.1.0/lib64/gcc/x86_64-suse-linux/7.1.0/crtend.o
/usr/lib/../lib64/crtn.o
COLLECT_GCC_OPTIONS='-v' '-D' '_GLIBCXX_DEBUG' '-fsanitize=undefined' '-O'
'-fsanitize=undefined' '-shared-libgcc' '-mtune=generic' '-march=x86-64'

# ./a.out 
/usr/local/products/gcc/7.1.0/include/c++/7.1.0/bits/stl_bvector.h:1094:7:
runtime error: reference binding to null pointer of type 'long unsigned int'
/usr/local/products/gcc/7.1.0/include/c++/7.1.0/bits/stl_bvector.h:1094:7:
runtime error: reference binding to null pointer of type 'long unsigned int'
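As an added example (not libstdc++'s own code, and not the reporter's), the following cut-down model of a word-packed bool vector shows the pattern behind the sanitizer message above: forming `*q` to take its address before checking that the allocation exists binds a reference to a null `unsigned long` when the requested length is zero. The hypothetical `init_unchecked` reproduces that hazard; `init_checked` handles the empty case first and never dereferences. It assumes an allocator that returns null for a zero-word request.

```cpp
#include <cstddef>
#include <memory>

// Simplified storage for a bit vector: bits are packed into unsigned longs.
struct BitStorage {
    unsigned long* start = nullptr;            // first word, or null when empty
    unsigned long* end_of_storage = nullptr;
    std::size_t nbits = 0;
    static constexpr std::size_t word_bits = 8 * sizeof(unsigned long);

    // Number of words needed to hold n bits (0 for n == 0).
    static std::size_t nwords(std::size_t n) { return (n + word_bits - 1) / word_bits; }

    // Constructed allocator behaviour: a zero-word request yields null.
    static unsigned long* allocate(std::size_t words) {
        return words ? new unsigned long[words]() : nullptr;
    }

    // Hazardous form: *q is evaluated to obtain an address even when q is
    // null. Nothing is read through the reference, but binding it is still
    // undefined behaviour, which -fsanitize=undefined reports as
    // "reference binding to null pointer of type 'long unsigned int'".
    void init_unchecked(std::size_t n) {
        unsigned long* q = allocate(nwords(n));
        start = std::addressof(*q);            // UB when n == 0 (q is null)
        end_of_storage = q + nwords(n);
        nbits = n;
    }

    // Guarded form: treat the empty case separately and keep the pointer as a
    // pointer, so no reference is ever formed from a null value.
    void init_checked(std::size_t n) {
        if (n == 0) {
            start = end_of_storage = nullptr;
            nbits = 0;
            return;
        }
        unsigned long* q = allocate(nwords(n));
        start = q;                             // no dereference needed
        end_of_storage = q + nwords(n);
        nbits = n;
    }

    bool empty() const { return nbits == 0; }
    std::size_t capacity_words() const { return static_cast<std::size_t>(end_of_storage - start); }
    ~BitStorage() { delete[] start; }          // delete[] on null is a no-op
};
```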
