This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug c++/15283] New: Invalid pointer when using ::delete operator
- From: "alx_s at hotmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 4 May 2004 18:43:02 -0000
- Subject: [Bug c++/15283] New: Invalid pointer when using ::delete operator
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
operator delete gets a wrong pointer when global form of operator delete() is used.
Pointer doesn't point to a complete object, but to a base class subobject for
dynamic types.
I tested gcc 3.2, 3.3 and 3.4 on SPARC Solaris and RedHat Linux.
All the same. It results in a segmentation fault on Linux.
Here is the test. Pointers for operator delete() should be the same as pointers
returned by correspondent operator new()
==== cut ====================
#include <stdio.h>
#include <stdlib.h>
#include <new>
void* operator new(size_t sz)
{
void* res = malloc(sz);
printf("new(%d) - %p\n", sz, res);
return res;
}
void operator delete(void* ptr)
{
printf("delete(%p)\n", ptr);
free(ptr);
}
struct A
{
int a_;
virtual ~A() {}
};
struct B
{
int b_;
virtual ~B() {}
};
struct C : A, B
{
int c_;
};
int main()
{
// OK
B* b = new C;
delete b;
// Problem
b = new C;
::delete b;
return 0;
}
===== cut =====
$ g++ test2.cpp
$ a.out
Solaris result:
new(20) - 21288
delete(21288)
new(20) - 21288
delete(21290) <== WRONG!!!
The last line should be delete(21288)
Linux result:
new(20) - 0x8049de0
delete(0x8049de0)
new(20) - 0x8049de0
delete(0x8049de8)
Segmentation fault
--
Summary: Invalid pointer when using ::delete operator
Product: gcc
Version: 3.4.0
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: c++
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: alx_s at hotmail dot com
CC: gcc-bugs at gcc dot gnu dot org
GCC build triplet: sparc-sun-solaris2.8
GCC host triplet: sparc-sun-solaris2.8
GCC target triplet: sparc-sun-solaris2.8
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15283