stdcxx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Sebor (JIRA)" <j...@apache.org>
Subject [jira] Updated: (STDCXX-131) SIGSEGV in std::stable_partition() due to double destruction
Date Mon, 05 Jun 2006 19:44:50 GMT
     [ http://issues.apache.org/jira/browse/STDCXX-131?page=all ]

Martin Sebor updated STDCXX-131:
--------------------------------

    Fix Version: 4.2
                     (was: 4.1.4)

> SIGSEGV in std::stable_partition() due to double destruction
> ------------------------------------------------------------
>
>          Key: STDCXX-131
>          URL: http://issues.apache.org/jira/browse/STDCXX-131
>      Project: C++ Standard Library
>         Type: Bug

>   Components: 25. Algorithms
>     Versions: 4.1.2, 4.1.3
>  Environment: all
>     Reporter: Martin Sebor
>     Assignee: Anton Pevtsov
>      Fix For: 4.2

>
> From http://mail-archives.apache.org/mod_mbox/incubator-stdcxx-dev/200601.mbox/%3c43DA43F0.9020601@moscow.vdiweb.com%3e:
> -------- Original Message --------
> Subject: Re: Re: test for lib.alg.partitions
> Date: Fri, 27 Jan 2006 19:01:52 +0300
> From: Anton Pevtsov <antonp@moscow.vdiweb.com>
> Reply-To: stdcxx-dev@incubator.apache.org
> To: stdcxx-dev@incubator.apache.org
> ...
> Martin Sebor wrote:
> > It's certainly possible that there is a bug in the algorithm, but I
> > would be more inclined to suspect the test before the algorithm just
> > because you just made making non-trivial changes to it.
> [...]
> > A simple test case would be helpful.
> The old test version didn't exercise all possible cases. I updated the
> test according to your notes and got the same results. So I still
> suspect the bug in the algorithm.
> The attached file stable_partition_test.cpp illustrates the problem: 
> the algorithm fails when the predicate returns true for any element.
> I debug the algorithm and found the following code in algorithm.cc, line
> 760:
> ...
>     _Dist __fill = 0;
>     const _BidirIter __res =
>         __stable_partition_adaptive (__first, __last, __pred, __dist,
>                                      __pair.first, __pair.second,
>                                      __fill, (_TypeT*)0);
>     for (_TypeT *__ptr = __pair.first + __fill; !(__pair.first ==
> --__ptr); )
>         (*__ptr).~_TypeT ();
> ...
> If the __fill remains equal to 0 after the __stable_partition_adaptive
> call the "for" will never end and will try to call destructors of
> non-existing elements moving from the left bound of the given sequence
> to left. Also if __fill is equal to 1 no destructors will be called, but
> one should be, shouldn't it?
> May be, something like this
> ...
>     for (_TypeT *__ptr = __pair.first + __fill; !(__pair.first ==
> __ptr--); )
>         (*__ptr).~_TypeT ();
> ...
> will fix the issue?
> And I have another question: what will happen with the temporary buffer
> in stable_partition if the X copy ctor throws an exception? It looks
> like the buffer will leak.
> With best wishes,
> Anton Pevtsov

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message