c++/6322: Multiple inheritance structure causes segfault on delete.

xternal@centibyte.org xternal@centibyte.org
Tue Apr 16 06:13:00 GMT 2002


>Number:         6322
>Category:       c++
>Synopsis:       Multiple inheritance structure causes segfault on delete.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          wrong-code
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 16 05:46:06 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Doug Johnson
>Release:        3.2 20020411 (experimental)
>Organization:
>Environment:
System: Linux shimmer 2.4.18 #6 Fri Mar 22 22:12:55 CST 2002 i686 unknown 
Architecture: i686
host: i686-pc-linux-gnu
build: i686-pc-linux-gnu
target: i686-pc-linux-gnu
configured with: ../gcc/configure --prefix=/opt/gcc --program-suffix=-cvs --enable-languages=c,c++
>Description:
A simple 5-element multiple inheritance structure can cause the output program to segfault if an object of the class is deleted by means of a pointer to a specific element of the inheritance structure.

The class must have two superclasses.  Each superclass must itself have a superclass. If a pointer to the *second* of the initial two superclasses is deleted, the program will segfault.  The problem goes away if that superclass is given a virtual destructor.

The order of the superclasses is relevant.  If you have a class:
   
    class C: public A, public B {...}

(where A and B themselves have superclasses) Then deleting a pointer to B will segfault, but a pointer to A will work fine.  If however you have:

    class C: public B, public A {...}

Then deleting a pointer to A will segfault, and a pointer to B will work fine.  I have not tried it with more than two superclasses.

        
>How-To-Repeat:
Compile the program with the command

    g++ -o delete-bug delete-bug.cc -g -Wall -Werror
        
The program will segfault on the 'delete object;' line.

I've commented out the output statements so that the program doesn't include any other files.  However, they may be useful to demonstrate where the problem occurs after determining that the problem is in fact in this file.
        
I've tested this process with gcc 2.95, 3.0 and the CVS version as of April 11, 2002. I get the same results with each versions.
        
>Fix:
Give the top level classes virtual destructors.
>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/x-c++src; name="gccbug.cc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="gccbug.cc"

Ly8jaW5jbHVkZSA8aW9zdHJlYW0+Ci8vI2luY2x1ZGUgPHN0cmluZz4KCnVzaW5nIG5hbWVzcGFj
ZSBzdGQ7CgpjbGFzcyBHcmFuZFBhcmVudCB7IApwdWJsaWM6CgkvLyBBZGRpbmcgYSB2aXJ0dWFs
IGRlc3RydWN0b3IgdG8gdGhlIGdyYW5kcGFyZW50IG9uIHRoZSByaWdodCBzaWRlIAoJLy8gZml4
ZXMgdGhlIHByb2JsZW0KCS8vdmlydHVhbCB+R3JhbmRQYXJlbnQoKSB7fQoJCgkvLyBwb3RlbnRp
YWwgd29ya2Fyb3VuZDogCgkvLyBhZGRpbmcgYSBwdXJlIHZpcnR1YWwgZnVuY3Rpb24gdG8gaGFu
ZGxlIGRlbGV0aW5nIHRoZSBvYmplY3QgZml4ZXMgdGhlIHByb2JsZW0KCXZpcnR1YWwgdm9pZCBk
ZWxldGVNZSgpPTA7Cn07CgpjbGFzcyBMZWZ0UGFyZW50OiBwdWJsaWMgR3JhbmRQYXJlbnQgewpw
dWJsaWM6CgkvLyBhIHZpcnR1YWwgZGVzdHJ1Y3RvciBpbiB0aGUgbGVmdCBwYXJlbnQgZG9lc24n
dCBoZWxwCgkvL3ZpcnR1YWwgfkxlZnRQYXJlbnQoKSB7fQp9OwoKY2xhc3MgUmlnaHRQYXJlbnQg
OiBwdWJsaWMgR3JhbmRQYXJlbnQgewpwdWJsaWM6CgkvLyBhIHZpcnR1YWwgZGVzdHJ1Y3RvciBv
biB0aGUgcmlnaHQgcGFyZW50IGFsc28gZml4ZXMgdGhlIHByb2JsZW0KCS8vdmlydHVhbCB+Umln
aHRQYXJlbnQoKSB7fQp9OwoKY2xhc3MgQ2hpbGQ6IHB1YmxpYyBMZWZ0UGFyZW50LCBwdWJsaWMg
UmlnaHRQYXJlbnQgewpwdWJsaWM6Cgl2b2lkIGRlbGV0ZU1lKCkgewoJCWRlbGV0ZSB0aGlzOwoJ
fQp9OwoKCgppbnQgbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3YpIHsKCQoJLy8gRGVjbGFyaW5n
IG9iamVjdCB0byBiZSBhIHBvaW50ZXIgdG8gUmlnaHRQYXJlbnQgd2lsbCBjYXVzZSBhCgkvLyBz
ZWdmYXVsdCB3aGVuIGl0IGlzIGRlbGV0ZWQuICBEZWNsYXJpbmcgaXQgYSBwb2ludGVyIHRvIExl
ZnRQYXJlbnQKCS8vIG9yIENoaWxkIHByb2R1Y2VzIHRoZSBkZXNpcmVkIChub24tc2VnZmF1bHRp
bmcpIGJlaGF2aW9yLgoJUmlnaHRQYXJlbnQgKm9iamVjdCA9IG5ldyBDaGlsZCgpOwoJLy9MZWZ0
UGFyZW50ICpvYmplY3QgPSBuZXcgQ2hpbGQoKTsKCS8vQ2hpbGQgKm9iamVjdCA9IG5ldyBDaGls
ZCgpOwoJCgkvL2NvdXQgPDwgX19GSUxFX18gPDwgIjogdHJ5aW5nIHRvIGRlbGV0ZSBvYmplY3Qg
IiA8PCBvYmplY3QgPDwgIjogIiA8PCBlbmRsOwoJCgkvLyBjb21tZW50IG91dCB0aGUgJ2RlbGV0
ZSBvYmplY3QnIGxpbmUgYW5kIHVuY29tbWVudCB0aGlzIG5leHQgbGluZQoJLy8gdG8gdHJ5IHRo
ZSB2aXJ0dWFsIGZ1bmN0aW9uIHdvcmthcm91bmQuICBJdCB3b3JrcywgYnV0IGlzIGNsdW5reS4K
CS8vb2JqZWN0LT5kZWxldGVNZSgpOwoJCglkZWxldGUgb2JqZWN0OwoJCgkvL2NvdXQgPDwgX19G
SUxFX18gPDwgIjogc3VjY2VzcyEgIiA8PCBlbmRsOwoJCgkKCXJldHVybiAwOwp9Cgo=



More information about the Gcc-bugs mailing list