libstdc++/7422: strstreambuf frees buffer when being in frozen state

rschiele@uni-mannheim.de
Sun Jul 28 04:35:00 GMT 2002


>Number:         7422
>Category:       libstdc++
>Synopsis:       strstreambuf frees buffer when being in frozen state
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 28 04:06:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Robert Schiele
>Release:        3.1.1
>Organization:
>Environment:
System: independent
Architecture: independent
host: independent
build: independent
target: independent
Configured with: /home/schiele/gcccvs/gcc-3.1.1/configure --enable-threads=posix --prefix=/opt/Pkg/Linux/i686/gcc311 --enable-languages=c,c++,f77,objc --disable-libgcj --with-gxx-include-dir=/opt/Pkg/Linux/i686/gcc311/include/g++ --with-system-zlib --enable-shared --enable-__cxa_atexit i486-suse-linux
>Description:
The attached sample program shows that strstreambuf frees its buffer even though it was forced into frozen mode by calling the str() method. Because of that, the generated string can be overwritten by code that reallocates this memory.

This is a regression from gcc 3.1!

I have not checked that, but possibly this is related to http://gcc.gnu.org/ml/gcc-patches/2002-05/msg01204.html and/or http://gcc.gnu.org/ml/libstdc++/2002-06/msg00089.html.
>How-To-Repeat:
# g++ -o strstreambug strstreambug.cc
[header warning]
# ./strstreambug
s(0x804a118):Text
s(0x804a118):ñòóôõö÷øùúûüýþÿ

should be (gcc-3.1):
# ./strstreambug
s(0x804a118):Text
s(0x804a118):Text
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/x-c++src; name="strstreambug.cc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="strstreambug.cc"

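Added example (not part of the original report or its attachment): a C++ check of the ownership contract the report relies on, namely that a buffer returned by str() is frozen and must survive the stream's destructor, plus a copy-then-unfreeze pattern that avoids holding the raw pointer. The function names, the 64-block churn loop and the 0xF1 fill are constructed for illustration.

```cpp
// Added example. <strstream> is deprecated, so expect a header warning
// when compiling, like the "[header warning]" line in the report.
#include <cstring>
#include <iostream>
#include <memory>
#include <string>
#include <strstream>
#include <vector>

// Contract check: str() freezes the buffer, so ~ostrstream must leave it
// alone and the caller becomes responsible for delete[].
// On a library with the reported defect the strcmp below reads freed memory.
bool frozen_buffer_survives(const char* text) {
    char* s = nullptr;
    {
        std::ostrstream t;
        t << text << std::ends;
        s = t.str();                      // freeze: ownership moves to caller
    }                                     // destructor must not free s
    // Heap churn with small blocks, so a wrongly freed buffer would be reused.
    std::vector<std::unique_ptr<char[]>> churn;
    for (int i = 0; i < 64; ++i) {
        churn.emplace_back(new char[16]);
        std::memset(churn.back().get(), 0xF1, 16);   // constructed fill pattern
    }
    const bool intact = std::strcmp(s, text) == 0;
    delete[] s;                           // caller releases the frozen buffer
    return intact;
}

// Pattern that never lets the raw pointer outlive the stream:
// copy the contents, then unfreeze so the stream frees its own buffer.
std::string build_safely(const char* text) {
    std::ostrstream t;
    t << text << std::ends;
    std::string copy(t.str());            // copy while the buffer is frozen
    t.freeze(false);                      // stream owns and frees it again
    return copy;
}

int main() {
    std::cout << "frozen buffer intact: " << std::boolalpha
              << frozen_buffer_survives("Text") << '\n'
              << "copied string: " << build_safely("Text") << '\n';
    return 0;
}
```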


