[Bug libstdc++/42182] New: memory errors using valarrays
christian dot bruel at st dot com
gcc-bugzilla@gcc.gnu.org
Thu Nov 26 11:31:00 GMT 2009
The valarray mask_array implementation creates out-of-bounds memory accesses
when the number of True bits is smaller than the size of the array, although
this is perfectly legal.
This produces Valgrind errors at best, sometimes segfaults, or infinite loops.
To reproduce, compile the attached test:
g++ -O0 va0.cxx
gnx2439$ valgrind ./a.out
==1547== Memcheck, a memory error detector
==1547== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==1547== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==1547== Command: ./a.out
==1547==
==1547== Invalid read of size 1
==1547== at 0x80489D1: void std::__valarray_copy<int>(std::_Array<int>,
unsigned int, std::_Array<int>, std::_Array<bool>) (in /home/bruel/tmp/a.out)
==1547== by 0x804889A: std::mask_array<int>::operator=(std::valarray<int>
const&) const (in /home/bruel/tmp/a.out)
==1547== by 0x80485C9: main (in /home/bruel/tmp/a.out)
==1547== Address 0x4129061 is 0 bytes after a block of size 1 alloc'd
==1547== at 0x40061CC: operator new(unsigned int) (vg_replace_malloc.c:214)
==1547== by 0x8048644: std::__valarray_get_memory(unsigned int) (in
/home/bruel/tmp/a.out)
==1547== by 0x80488E6: bool* restrict
std::__valarray_get_storage<bool>(unsigned int) (in /home/bruel/tmp/a.out)
==1547== by 0x80486EE: std::valarray<bool>::valarray(bool const&, unsigned
int) (in /home/bruel/tmp/a.out)
==1547== by 0x804857B: main (in /home/bruel/tmp/a.out)
==1547==
==1547== Invalid write of size 4
==1547== at 0x80489E3: void std::__valarray_copy<int>(std::_Array<int>,
unsigned int, std::_Array<int>, std::_Array<bool>) (in /home/bruel/tmp/a.out)
==1547== by 0x804889A: std::mask_array<int>::operator=(std::valarray<int>
const&) const (in /home/bruel/tmp/a.out)
==1547== by 0x80485C9: main (in /home/bruel/tmp/a.out)
==1547== Address 0x4129108 is not stack'd, malloc'd or (recently) free'd
==1547==
==1547==
==1547== HEAP SUMMARY:
==1547== in use at exit: 0 bytes in 0 blocks
==1547== total heap usage: 3 allocs, 3 frees, 9 bytes allocated
==1547==
==1547== All heap blocks were freed -- no leaks are possible
==1547==
==1547== For counts of detected and suppressed errors, rerun with: -v
==1547== ERROR SUMMARY: 56 errors from 2 contexts (suppressed: 19 from 10)
--
Summary: memory errors using valarrays
Product: gcc
Version: 4.5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: christian dot bruel at st dot com
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42182
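
An added example, not part of the original report and not libstdc++ code: a masked assignment written with explicit bounds on the mask, the target and the source, so a mask with fewer true bits than the source has elements ends the copy instead of reading past the mask. The helper names checked_masked_assign and true_count are hypothetical, and the sample arrays are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <valarray>

// Hypothetical helper: number of true entries in a mask. Compare it with
// src.size() before a masked assignment to detect the mismatch up front.
inline std::size_t true_count(const std::valarray<bool>& mask)
{
    std::size_t n = 0;
    for (std::size_t i = 0; i < mask.size(); ++i)
        if (mask[i]) ++n;
    return n;
}

// Hypothetical helper: assign src elements, in order, to the positions of dst
// whose mask entry is true. Each index is checked against the size of its own
// array, so running out of true bits stops the loop at the end of the mask.
// Returns the number of elements written.
template <typename T>
std::size_t checked_masked_assign(std::valarray<T>& dst,
                                  const std::valarray<bool>& mask,
                                  const std::valarray<T>& src)
{
    const std::size_t limit =
        mask.size() < dst.size() ? mask.size() : dst.size();
    std::size_t written = 0;
    for (std::size_t i = 0; i < limit && written < src.size(); ++i) {
        if (mask[i]) {
            dst[i] = src[written];
            ++written;
        }
    }
    return written;
}

int main()
{
    // Constructed input: one-element arrays and an all-false mask, matching
    // the allocation sizes visible in the Valgrind heap summary.
    std::valarray<int> dst(1), src(1);
    std::valarray<bool> mask(false, 1);
    src[0] = 7;
    std::size_t n = checked_masked_assign(dst, mask, src);
    std::printf("true bits: %zu, written: %zu, dst[0]: %d\n",
                true_count(mask), n, dst[0]);
    return 0;
}
```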