This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug c++/29787] New: std::vector can access negative value (std runtime bug?)
- From: "key at timeold dot ru" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 9 Nov 2006 21:23:05 -0000
- Subject: [Bug c++/29787] New: std::vector can access negative value (std runtime bug?)
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
When you access a vector element by a negative index, nothing happens (but I
think a runtime error should happen). The glibc error (double free()) happens
when the destructor of the vector object is called (at the end of the program).
Until you reach the vector object's destructor, you can work normally and no
effect happens (? maybe strange random segfaults at random times).
Here is example code for the problem:
#include <vector>
#include <iostream>
#include <stdio.h>
int main(int argc, char *argv[]){
    std::vector <int> v;
    for(int j = 0; j <= 10; j++){
        int *i = new int;
        *i = 10;
        v.push_back(*i);
    }
    int j = -1;
    v[j] = 11;  // index -1: outside the vector's storage
    std::cout << "....." << v[j] << std::endl;
    printf("v[-1]: %d\n", v[j]);
    v.clear();
    std::cout << "Clearing finished... Empty: " << v.empty() << std::endl;
    //many operations
    // <- here you can do MANY operations (program may work for hours,
    // without any bad effects)
    std::cout << "All is still ok..." << std::endl;
}
Compiled it with:
g++ bug.cc --debug -Wall -o bug
./bug
.....11
v[-1]: 11
Clearing finished... Empty: 1
All is still ok...
*** glibc detected *** ./bug: double free or corruption (out): 0x0000000000503160 ***
======= Backtrace: =========
/lib/libc.so.6[0x2b077879a7ec]
/lib/libc.so.6(__libc_free+0x76)[0x2b077879b356]
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/libstdc++.so.6(_ZdlPv+0xe)[0x2b077838b04e]
./bug[0x401965]
./bug[0x401772]
./bug[0x4011a2]
./bug(__gxx_personality_v0+0x4d4)[0x401014]
./bug(__gxx_personality_v0+0x38e)[0x400ece]
/lib/libc.so.6(__libc_start_main+0xf6)[0x2b077874e136]
./bug(__gxx_personality_v0+0x69)[0x400ba9]
======= Memory map: ========
......skipped.....
With gdb, I see that the bug happens in line 83 of new_allocator.h:
"
    // __p is not permitted to be a null pointer.
    void
    deallocate(pointer __p, size_type)
    { ::operator delete(__p); }
"
Gcc compiled with: --prefix=/usr
--bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.1
--includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/include
--datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1
--mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1/man
--infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1/info
--with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/include/g++-v4
--host=x86_64-pc-linux-gnu
--build=x86_64-pc-linux-gnu
--disable-altivec
--enable-nls
--without-included-gettext
--with-system-zlib
--disable-checking
--disable-werror
--disable-libunwind-exceptions
--enable-multilib
--disable-libmudflap
--disable-libssp
--disable-libgcj
--enable-languages=c,c++,fortran
--enable-shared
--enable-threads=posix
--enable-__cxa_atexit
--enable-clocale=gnu
CFLAGS="-march=k8 -pipe -O2"
CXXFLAGS="-march=k8 -pipe -O2"
The same problem also exists on gcc 3.4.6 under Cygwin.
Is it a bug or a feature? With the MS VC++ compiler, the v[j] line generates a
runtime exception immediately.
Sorry for my *bad* English.
--
Summary: std::vector can access negative value (std runtime bug?)
Product: gcc
Version: 3.4.6
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: key at timeold dot ru
GCC build triplet: x86_64-pc-linux-gnu
GCC host triplet: x86_64-pc-linux-gnu
GCC target triplet: x86_64-pc-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29787
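
The access pattern from the report, rewritten with range-checked stores. This is an added example, not code from the original message or from libstdc++; the helper names (as_vector_index, in_range, checked_store, make_report_vector) are hypothetical.

```cpp
// Added example: checked alternatives to the unchecked v[-1] store.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

typedef std::vector<int>::size_type index_t;

// operator[] takes an unsigned size_type, so a signed -1 is converted to the
// largest representable index before any element is touched.
index_t as_vector_index(long j) { return static_cast<index_t>(j); }

// Explicit range test on the signed value, before any conversion.
bool in_range(const std::vector<int>& v, long j) {
    return j >= 0 && static_cast<index_t>(j) < v.size();
}

// Store through at(), which compares the index with size() and throws
// std::out_of_range instead of writing outside the buffer.
bool checked_store(std::vector<int>& v, long j, int value) {
    try {
        v.at(as_vector_index(j)) = value;
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// Same shape as the report: 11 elements of value 10.
std::vector<int> make_report_vector() { return std::vector<int>(11, 10); }

int main() {
    std::vector<int> v = make_report_vector();
    long j = -1;
    std::cout << "index after conversion: " << as_vector_index(j) << "\n";
    std::cout << "in_range(v, -1): " << in_range(v, j) << "\n";
    std::cout << "checked_store(v, -1, 11): " << checked_store(v, j, 11) << "\n";
    std::cout << "checked_store(v, 10, 11): " << checked_store(v, 10, 11) << "\n";
    v.clear();  // nothing outside the buffer was written, so teardown is clean
    return 0;
}
```

Building the report's program with libstdc++ debug mode (-D_GLIBCXX_DEBUG) makes operator[] itself check the index and abort at the faulty line rather than at destruction.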