Bug 14975 - [3.4 only] Segfault on low-level write error during imbue
Status: RESOLVED FIXED
Product: gcc
Classification: Unclassified
Component: libstdc++
Version: 3.4.0
Importance: P2 normal
Target Milestone: 3.4.1
Assigned To: Paolo Carlini
Depends on:
Blocks:
Reported: 2004-04-16 13:44 UTC by Pétur Runólfsson
Modified: 2004-10-30 21:09 UTC (History)

See Also:
Host: i686-pc-linux-gnu
Target: i686-pc-linux-gnu
Build: i686-pc-linux-gnu
Known to work: 4.0.0
Known to fail:
Last reconfirmed: 2004-04-16 14:03:43


Attachments
Test case (1.97 KB, text/plain)
2004-04-16 13:44 UTC, Pétur Runólfsson
Test case (529 bytes, text/plain)
2004-04-16 13:45 UTC, Pétur Runólfsson

Description Pétur Runólfsson 2004-04-16 13:44:02 UTC
This bit from basic_filebuf::imbue in include/bits/fstream.tcc can't
possibly be correct:

              else if (_M_writing && (__testvalid = _M_terminate_output()))
                _M_set_buffer(-1);
            }
        }

      if (__testvalid)
        _M_codecvt = _M_codecvt_tmp;

If __testvalid is false for some reason (for example because
_M_terminate_output returned false because of a low-level write error),
then _M_codecvt will still point to the codecvt facet from the old locale.

Since no reference is kept to the old locale, the facet may be deleted at
any time, and so keeping a pointer to it is certainly wrong.
Comment 1 Pétur Runólfsson 2004-04-16 13:44:53 UTC
Created attachment 6094 [details]
Test case

This test case shows a segfault after a low-level write error.
Comment 2 Pétur Runólfsson 2004-04-16 13:45:35 UTC
Created attachment 6095 [details]
Test case

This test case shows a segfault when an overridden version of
overflow returns eof().
Comment 3 Paolo Carlini 2004-04-16 14:03:42 UTC
Hi Pétur, thanks for the testcases. Indeed, while working on 12077 I had noticed
that something was wrong... but had hoped nobody would notice ;)
Comment 4 CVS Commits 2004-04-16 16:06:28 UTC
Subject: Bug 14975

CVSROOT:	/cvs/gcc
Module name:	gcc
Changes by:	paolo@gcc.gnu.org	2004-04-16 16:06:22

Modified files:
	libstdc++-v3   : ChangeLog 
	libstdc++-v3/include/bits: fstream.tcc 
Added files:
	libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/char: 
	                                                       14975-1.cc 
	libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/wchar_t: 
	                                                          14975-2.cc 

Log message:
	2004-04-16  Paolo Carlini  <pcarlini@suse.de>
	
	PR libstdc++/14975
	* include/bits/fstream.tcc (basic_filebuf::imbue): Zero _M_codecvt
	in case of error.
	* testsuite/27_io/basic_filebuf/imbue/char/14975-1.cc: New.
	* testsuite/27_io/basic_filebuf/imbue/wchar_t/14975-2.cc: New.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/ChangeLog.diff?cvsroot=gcc&r1=1.2449&r2=1.2450
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/include/bits/fstream.tcc.diff?cvsroot=gcc&r1=1.120&r2=1.121
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/char/14975-1.cc.diff?cvsroot=gcc&r1=NONE&r2=1.1
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/wchar_t/14975-2.cc.diff?cvsroot=gcc&r1=NONE&r2=1.1

Comment 5 Pétur Runólfsson 2004-04-17 14:49:47 UTC
       if (__testvalid)
 	_M_codecvt = _M_codecvt_tmp;
+      else
+	_M_codecvt = 0;
     }
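Review bot: the new else branch at `_M_codecvt = 0;` replaces a dangling facet pointer with a null one but carries no comment explaining why, and nothing in these lines reports the failure to the caller. Add a comment stating that the old locale's facet may already have been destroyed, and confirm that every later use of _M_codecvt tests for null before dereferencing it, otherwise the crash only moves to the next read or write.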

It would probably also be a good idea to somehow signal the error in
overflow (for example by throwing an exception).
Comment 6 Paolo Carlini 2004-04-17 22:11:04 UTC
Ok, thanks, I will look into this.
Comment 7 CVS Commits 2004-04-29 10:26:49 UTC
Subject: Bug 14975

CVSROOT:	/cvs/gcc
Module name:	gcc
Branch: 	gcc-3_4-branch
Changes by:	paolo@gcc.gnu.org	2004-04-29 10:26:44

Modified files:
	libstdc++-v3   : ChangeLog 
	libstdc++-v3/include/bits: fstream.tcc 
Added files:
	libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/char: 
	                                                       14975-1.cc 
	libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/wchar_t: 
	                                                          14975-2.cc 

Log message:
	2004-04-29  Paolo Carlini  <pcarlini@suse.de>
	
	PR libstdc++/14975
	* include/bits/fstream.tcc (basic_filebuf::imbue): Zero _M_codecvt
	in case of error.
	* testsuite/27_io/basic_filebuf/imbue/char/14975-1.cc: New.
	* testsuite/27_io/basic_filebuf/imbue/wchar_t/14975-2.cc: New.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=1.2224.2.87&r2=1.2224.2.88
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/include/bits/fstream.tcc.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=1.116.4.4&r2=1.116.4.5
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/char/14975-1.cc.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=NONE&r2=1.1.6.1
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/testsuite/27_io/basic_filebuf/imbue/wchar_t/14975-2.cc.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=NONE&r2=1.1.6.1

Comment 8 Paolo Carlini 2004-04-29 10:27:47 UTC
Fixed for 3.4.1.
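
A toy model of the lifetime problem this report describes, written as an added example for this page and not taken from libstdc++: `TrackedFacet`, `Buf`, `OnError` and `stale_after_failed_imbue` are hypothetical names, and `flush_ok` stands in for the result of `_M_terminate_output()`. It shows that keeping the old pointer after a failed imbue leaves it naming a destroyed facet, while zeroing it does not.

```cpp
#include <cstdio>
#include <locale>

// Constructed facet whose destructor records that it ran.
struct TrackedFacet : std::locale::facet {
    static std::locale::id id;
    bool* destroyed;
    explicit TrackedFacet(bool* d) : std::locale::facet(0), destroyed(d) {}
    ~TrackedFacet() { *destroyed = true; }
};
std::locale::id TrackedFacet::id;

enum class OnError { KeepOld, Zero };  // before / after the fix for this PR

// Hypothetical stand-in for a stream buffer that caches a facet pointer.
struct Buf {
    std::locale loc;             // the only reference keeping the facet alive
    const TrackedFacet* cached;  // plays the role of _M_codecvt
    OnError policy;
    bool flush_ok = true;        // stands in for _M_terminate_output()

    Buf(const std::locale& l, OnError p)
        : loc(l), cached(&std::use_facet<TrackedFacet>(loc)), policy(p) {}

    void pubimbue(const std::locale& next) {
        const TrackedFacet* tmp = &std::use_facet<TrackedFacet>(next);
        if (flush_ok)
            cached = tmp;
        else if (policy == OnError::Zero)
            cached = nullptr;    // the added else branch
        loc = next;              // old locale released whether or not flush worked
    }
};

// True when the cached pointer still names a facet that has been destroyed.
bool stale_after_failed_imbue(OnError policy) {
    bool old_gone = false, new_gone = false;  // outlive both facets
    Buf b(std::locale(std::locale::classic(), new TrackedFacet(&old_gone)), policy);
    b.flush_ok = false;                       // simulate the low-level write error
    b.pubimbue(std::locale(std::locale::classic(), new TrackedFacet(&new_gone)));
    return old_gone && b.cached != nullptr;   // pointer is tested, never dereferenced
}

int main() {
    std::printf("keep old pointer: stale=%d\n", stale_after_failed_imbue(OnError::KeepOld));
    std::printf("zero on error:    stale=%d\n", stale_after_failed_imbue(OnError::Zero));
}
```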