2 bugs in mt_allocator (tested on gcc 4.1.1)

dk dk@rle.ru
Thu Sep 21 14:00:00 GMT 2006


Hi!
This example will demonstrate 2 problems in mt_allocator.cc:

         typedef __gnu_cxx::__mt_alloc<char> allocator_type;
         typedef __gnu_cxx::__pool_base::_Tune tune_type;

         allocator_type mt_char;
         tune_type t(8, 40000, 8, (50000 - 4 * sizeof(void*)), 4096, 10,  
false);
         mt_char._M_set_options(t);
         allocator_type::pointer pc = mt_char.allocate(40000);

First bug in __pool<..>::_M_initialize():
         Binmap_type __bin_max = _M_options._M_min_bin;  // not correct.
         size_t __bin_max = _M_options._M_min_bin; // correct.

Second bug in __pool<..>::_M_reserve_block():

   while (--__block_count > 0) // not correct because __block_count may be  
equal 0(and size_t is unsigned)
       {
         __c += __bin_size;
         __block->_M_next = reinterpret_cast<_Block_record*>(__c);
         __block = __block->_M_next;
       }

   while (__block_count > 0) // correct
       {
         __c += __bin_size;
         __block->_M_next = reinterpret_cast<_Block_record*>(__c);
         __block = __block->_M_next;
        --__block_count;
       }
Best regards, dk.



More information about the Gcc-bugs mailing list