[Bug libstdc++/98001] New: ext/stdio_filebuf/char/79820.cc is broken
rguenth at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Thu Nov 26 08:48:05 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98001
Bug ID: 98001
Summary: ext/stdio_filebuf/char/79820.cc is broken
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: rguenth at gcc dot gnu.org
Target Milestone: ---
The testcase reliably segfaults for me when run with
    MALLOC_PERTURB_=69
    MALLOC_CHECK_=3
in the environment. It then segfaults doing
    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff74ec5bb in fflush () from /lib64/libc.so.6
    (gdb) up
    #1  0x00007ffff7b06175 in std::__basic_file<char>::sys_open (this=this@entry=0x7fffffffe678,
        __file=__file@entry=0x614c20) at basic_file.cc:202
    202           __err = fflush(__file);
    (gdb) l
    197         {
    198           int __err, __save_errno = errno;
    199           // POSIX guarantees that fflush sets errno on error, but C doesn't.
    200           errno = 0;
    201           do
    202             __err = fflush(__file);
    203           while (__err && errno == EINTR);
The testcase passes a FILE * that has been fclosed() to the
__gnu_cxx::stdio_filebuf<char> CTOR which then invokes fflush on it.
fclose() is documented as
    RETURN VALUE
        Upon successful completion, 0 is returned. Otherwise, EOF is returned
        and errno is set to indicate the error. In either case, any further
        access (including another call to fclose()) to the stream results in
        undefined behavior.
so the testcase invokes undefined behavior. I don't think there's any way
to query whether a FILE * is valid or not for the standard library.
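
Added example (not part of the original report and not libstdc++ code): since libc cannot say whether a FILE * is still valid, the owner has to track it. OwnedFile and flush_retry are hypothetical names; the retry loop mirrors the one in the listing above, and restoring errno on success is an assumption of this sketch.

```cpp
#include <cerrno>
#include <cstdio>
#include <memory>

// Deleter so unique_ptr calls fclose() exactly once on destruction.
struct FileCloser {
    void operator()(std::FILE* f) const noexcept { std::fclose(f); }
};

// Owning handle: after close() the stored pointer is null, so "is this
// stream still usable?" is answered by the owner, never by libc.
class OwnedFile {
    std::unique_ptr<std::FILE, FileCloser> fp_;
public:
    explicit OwnedFile(std::FILE* f) noexcept : fp_(f) {}
    bool is_open() const noexcept { return fp_ != nullptr; }
    std::FILE* get() const noexcept { return fp_.get(); }
    // The pointer is dropped whether or not fclose() succeeds, because the
    // stream must not be touched again in either case.
    int close() noexcept {
        if (!fp_) { errno = EBADF; return EOF; }
        return std::fclose(fp_.release());
    }
};

// Same retry shape as the fflush loop in the listing, but a closed handle
// is rejected with EBADF instead of passing a stale FILE* to fflush().
int flush_retry(const OwnedFile& f) noexcept {
    if (!f.is_open()) { errno = EBADF; return EOF; }
    const int saved = errno;
    int err;
    errno = 0;
    do
        err = std::fflush(f.get());
    while (err && errno == EINTR);
    if (err == 0) errno = saved;  // assumption: keep the caller's errno on success
    return err;
}

int main() {
    OwnedFile f(std::tmpfile());  // constructed sample stream
    if (!f.is_open()) return 1;
    std::fputs("data", f.get());
    const int open_rc = flush_retry(f);
    f.close();
    const int closed_rc = flush_retry(f);  // defined: fails cleanly, no fflush call
    std::printf("open=%d closed=%d errno=%d\n", open_rc, closed_rc, errno);
    return 0;
}
```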