incubator-stdcxx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Sebor (JIRA)" <j...@apache.org>
Subject [jira] Created: (STDCXX-131) SIGSEGV in std::stable_partition() due to double destruction
Date Thu, 02 Feb 2006 02:23:43 GMT
SIGSEGV in std::stable_partition() due to double destruction
------------------------------------------------------------

         Key: STDCXX-131
         URL: http://issues.apache.org/jira/browse/STDCXX-131
     Project: C++ Standard Library
        Type: Bug
  Components: 25. Algorithms  
    Versions: 4.1.2, 4.1.3    
 Environment: all
    Reporter: Martin Sebor
     Fix For: 4.1.4


>From http://mail-archives.apache.org/mod_mbox/incubator-stdcxx-dev/200601.mbox/%3c43DA43F0.9020601@moscow.vdiweb.com%3e:

-------- Original Message --------
Subject: Re: Re: test for lib.alg.partitions
Date: Fri, 27 Jan 2006 19:01:52 +0300
From: Anton Pevtsov <antonp@moscow.vdiweb.com>
Reply-To: stdcxx-dev@incubator.apache.org
To: stdcxx-dev@incubator.apache.org

...

Martin Sebor wrote:
> It's certainly possible that there is a bug in the algorithm, but I
> would be more inclined to suspect the test before the algorithm just
> because you just made making non-trivial changes to it.
[...]
> A simple test case would be helpful.

The old test version didn't exercise all possible cases. I updated the
test according to your notes and got the same results. So I still
suspect the bug in the algorithm.
The attached file stable_partition_test.cpp illustrates the problem: 
the algorithm fails when the predicate returns true for any element.

I debug the algorithm and found the following code in algorithm.cc, line
760:

...
    _Dist __fill = 0;

    const _BidirIter __res =
        __stable_partition_adaptive (__first, __last, __pred, __dist,
                                     __pair.first, __pair.second,
                                     __fill, (_TypeT*)0);

    for (_TypeT *__ptr = __pair.first + __fill; !(__pair.first ==
--__ptr); )
        (*__ptr).~_TypeT ();
...

If the __fill remains equal to 0 after the __stable_partition_adaptive
call the "for" will never end and will try to call destructors of
non-existing elements moving from the left bound of the given sequence
to left. Also if __fill is equal to 1 no destructors will be called, but
one should be, shouldn't it?
May be, something like this

...
    for (_TypeT *__ptr = __pair.first + __fill; !(__pair.first ==
__ptr--); )
        (*__ptr).~_TypeT ();
...
will fix the issue?


And I have another question: what will happen with the temporary buffer
in stable_partition if the X copy ctor throws an exception? It looks
like the buffer will leak.


With best wishes,
Anton Pevtsov

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message