[Bug libstdc++/42182] New: memory errors using valarrays

christian dot bruel at st dot com gcc-bugzilla@gcc.gnu.org
Thu Nov 26 11:31:00 GMT 2009


The valarray mask_array implementation creates out-of-bounds memory accesses
when the number of True bits is smaller than the size of the array, although
this is perfectly legal.

This produces a valgrind error at best, sometimes segfaults or infinite loops.

To reproduce, compile the attached test:

  g++  -O0 va0.cxx 

gnx2439$ valgrind ./a.out
==1547== Memcheck, a memory error detector
==1547== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==1547== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==1547== Command: ./a.out
==1547== 
==1547== Invalid read of size 1
==1547==    at 0x80489D1: void std::__valarray_copy<int>(std::_Array<int>,
unsigned int, std::_Array<int>, std::_Array<bool>) (in /home/bruel/tmp/a.out)
==1547==    by 0x804889A: std::mask_array<int>::operator=(std::valarray<int>
const&) const (in /home/bruel/tmp/a.out)
==1547==    by 0x80485C9: main (in /home/bruel/tmp/a.out)
==1547==  Address 0x4129061 is 0 bytes after a block of size 1 alloc'd
==1547==    at 0x40061CC: operator new(unsigned int) (vg_replace_malloc.c:214)
==1547==    by 0x8048644: std::__valarray_get_memory(unsigned int) (in
/home/bruel/tmp/a.out)
==1547==    by 0x80488E6: bool* restrict
std::__valarray_get_storage<bool>(unsigned int) (in /home/bruel/tmp/a.out)
==1547==    by 0x80486EE: std::valarray<bool>::valarray(bool const&, unsigned
int) (in /home/bruel/tmp/a.out)
==1547==    by 0x804857B: main (in /home/bruel/tmp/a.out)
==1547== 
==1547== Invalid write of size 4
==1547==    at 0x80489E3: void std::__valarray_copy<int>(std::_Array<int>,
unsigned int, std::_Array<int>, std::_Array<bool>) (in /home/bruel/tmp/a.out)
==1547==    by 0x804889A: std::mask_array<int>::operator=(std::valarray<int>
const&) const (in /home/bruel/tmp/a.out)
==1547==    by 0x80485C9: main (in /home/bruel/tmp/a.out)
==1547==  Address 0x4129108 is not stack'd, malloc'd or (recently) free'd
==1547== 
==1547== 
==1547== HEAP SUMMARY:
==1547==     in use at exit: 0 bytes in 0 blocks
==1547==   total heap usage: 3 allocs, 3 frees, 9 bytes allocated
==1547== 
==1547== All heap blocks were freed -- no leaks are possible
==1547== 
==1547== For counts of detected and suppressed errors, rerun with: -v
==1547== ERROR SUMMARY: 56 errors from 2 contexts (suppressed: 19 from 10)


-- 
           Summary: memory errors using valarrays
           Product: gcc
           Version: 4.5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: christian dot bruel at st dot com
 GCC build triplet: i686-pc-linux-gnu
  GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42182
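
The trace above shows reads past the end of the mask's bool storage and writes outside the destination during mask_array<int>::operator=. The following is an added example, not the attached va0.cxx and not libstdc++ code: a bounds-checked masked assignment that validates the lengths before touching memory. The names selected_count and checked_masked_assign, and the policy of rejecting a mismatched source, are assumptions of this example.

```cpp
#include <cstddef>
#include <iostream>
#include <valarray>

// Count of true mask elements: the number of source values that a masked
// assignment will consume.
std::size_t selected_count(const std::valarray<bool>& mask) {
    std::size_t n = 0;
    for (std::size_t i = 0; i < mask.size(); ++i)
        if (mask[i]) ++n;
    return n;
}

// Bounds-checked stand-in for `dst[mask] = src`.
// Policy assumed by this example: refuse, leaving dst untouched, unless the
// mask fits inside dst and src has exactly one value per true mask element.
bool checked_masked_assign(std::valarray<int>& dst,
                           const std::valarray<bool>& mask,
                           const std::valarray<int>& src) {
    if (mask.size() > dst.size()) return false;
    if (src.size() != selected_count(mask)) return false;
    std::size_t next = 0;
    for (std::size_t i = 0; i < mask.size(); ++i)  // never indexes past the mask
        if (mask[i]) dst[i] = src[next++];         // next < src.size() by the check
    return true;
}

int main() {
    // Constructed input: four-element destination, one true bit in the mask.
    std::valarray<int> dst(4);            // value-initialised to zeros
    std::valarray<bool> mask(false, 4);
    mask[1] = true;
    std::valarray<int> too_long(7, 4);    // four values for one selected slot
    std::valarray<int> exact(7, 1);       // one value for one selected slot

    std::cout << "mismatched source accepted: "
              << checked_masked_assign(dst, mask, too_long) << '\n';
    std::cout << "exact source accepted: "
              << checked_masked_assign(dst, mask, exact) << '\n';
    std::cout << "dst[1] = " << dst[1] << '\n';
    return 0;
}
```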


