[Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)

chfast at gmail dot com gcc-bugzilla@gcc.gnu.org
Wed Oct 14 10:08:35 GMT 2020 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415

            Bug ID: 97415
           Summary: Invalid pointer comparison in stringbuf::str()
                    (reported by pointer-compare AddressSanitizer)
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: chfast at gmail dot com
  Target Milestone: ---

When my application is instrumented with -fsanitize=address,pointer-compare
and running under ASAN_OPTIONS=detect_invalid_pointer_pairs=2,
I get for following failure in basic_stringbuf::str()

==3879==ERROR: AddressSanitizer: invalid-pointer-pair: 0x7ffcdf273b66
0x000000000000
    #0 0x5597a6c6d786 in std::__cxx11::basic_stringbuf<char,
std::char_traits<char>, std::allocator<char> >::str() const
/usr/include/c++/10/sstream:184
    #1 0x5597a6c6d786 in std::__cxx11::basic_ostringstream<char,
std::char_traits<char>, std::allocator<char> >::str() const
/usr/include/c++/10/sstream:678
    #2 0x5597a6c6d786 in std::basic_ostream<char, std::char_traits<char> >&
std::__detail::operator<< <char, std::char_traits<char>,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >
const&>(std::basic_ostream<char, std::char_traits<char> >&,
std::__detail::_Quoted_string<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, char> const&)
/usr/include/c++/10/bits/quoted_string.h:130
    #3 0x5597a6c6d786 in std::basic_ostream<char, std::char_traits<char> >&
std::filesystem::__cxx11::operator<< <char, std::char_traits<char>
>(std::basic_ostream<char, std::char_traits<char> >&,
std::filesystem::__cxx11::path const&) /usr/include/c++/10/bits/fs_path.h:441
    #4 0x5597a6c6d786 in log_total
/home/builder/project/test/spectests/spectests.cpp:675
    #5 0x5597a6c48939 in run_tests_from_dir
/home/builder/project/test/spectests/spectests.cpp:708
    #6 0x5597a6c48939 in main
/home/builder/project/test/spectests/spectests.cpp:750

Here is the implementation of basic_stringbuf::str() used for compilation:

      __string_type
      str() const
      {
        __string_type __ret(_M_string.get_allocator());
        if (this->pptr())
          {
            // The current egptr() may not be the actual string end.
            if (this->pptr() > this->egptr())
              __ret.assign(this->pbase(), this->pptr());
            else
              __ret.assign(this->pbase(), this->egptr());
          }
        else
          __ret = _M_string;
        return __ret;
      }

In the line `if (this->pptr() > this->egptr())`,
the `this->egptr()` may be nullptr and therefore AddressSanitizer complains
about this comparison.

I don't have handy repro code for the issue, but I can try to build one if
desired.

GCC version: cpp (Debian 10.2.0-15) 10.2.0

More information about the Gcc-bugs mailing list