Return-Path: 
 <issues-return-2675-apmail-stdcxx-issues-archive=stdcxx.apache.org@stdcxx.apache.org>
X-Original-To: apmail-stdcxx-issues-archive@minotaur.apache.org
Delivered-To: apmail-stdcxx-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 7E8859BC2
	for <apmail-stdcxx-issues-archive@minotaur.apache.org>;
 Sun,  5 Feb 2012 09:48:21 +0000 (UTC)
Received: (qmail 36478 invoked by uid 500); 5 Feb 2012 09:48:20 -0000
Delivered-To: apmail-stdcxx-issues-archive@stdcxx.apache.org
Received: (qmail 36449 invoked by uid 500); 5 Feb 2012 09:48:19 -0000
Mailing-List: contact issues-help@stdcxx.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@stdcxx.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@stdcxx.apache.org>
List-Post: <mailto:issues@stdcxx.apache.org>
List-Id: <issues.stdcxx.apache.org>
Reply-To: dev@stdcxx.apache.org
Delivered-To: mailing list issues@stdcxx.apache.org
Received: (qmail 36441 invoked by uid 99); 5 Feb 2012 09:48:17 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 05 Feb 2012 09:48:17 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED,T_RP_MATCHES_RCVD
X-Spam-Check-By: apache.org
Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 05 Feb 2012 09:48:14 +0000
Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116])
	by hel.zones.apache.org (Postfix) with ESMTP id 57A551A4D66
	for <issues@stdcxx.apache.org>; Sun,  5 Feb 2012 09:47:53 +0000 (UTC)
Date: Sun, 5 Feb 2012 09:47:53 +0000 (UTC)
From: "Farid Zaripov (Issue Comment Edited) (JIRA)" <jira@apache.org>
To: issues@stdcxx.apache.org
Message-ID: 
 <431626351.12742.1328435273360.JavaMail.tomcat@hel.zones.apache.org>
In-Reply-To: 
 <330482791.12512.1328421173597.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Issue Comment Edited] (STDCXX-1058)
 std::basic_ios<>::copyfmt() with registered callback (via
 std::ios_base::register_callback()) run-time SIGABRT
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
X-Virus-Checked: Checked by ClamAV on apache.org


    [ https://issues.apache.org/jira/browse/STDCXX-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13200704#comment-13200704 ] 

Farid Zaripov edited comment on STDCXX-1058 at 2/5/12 9:46 AM:
---------------------------------------------------------------

Fixed formatting using tags from [here|https://issues.apache.org/jira/secure/WikiRendererHelpAction.jspa?section=all].
                
      was (Author: farid):
    Fixed formatting using {code} and {noformat} tags.
                  
> std::basic_ios<>::copyfmt() with registered callback (via std::ios_base::register_callback()) run-time SIGABRT 
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: STDCXX-1058
>                 URL: https://issues.apache.org/jira/browse/STDCXX-1058
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: 27. Input/Output
>    Affects Versions: 4.2.1, 4.2.x, 4.3.x, 5.0.0
>         Environment: Solaris 10 and 11, Red Hat Linux, OpenSuSE Linux
> Sun C++ Compilers 12.1, 12.2, 12.3
> Defect is independent of platform or compiler.
>            Reporter: Stefan Teleman
>              Labels: crash, segmenation_fault
>             Fix For: 4.2.x, 4.3.x, 5.0.0
>
>         Attachments: test.cc
>
>
> A stream with a registered callback via register_callback() SIGABRTs at run-time:
> {code}
> #include <iostream>
> #include <fstream>
> int x;
> void testfun (std::ios_base::event ev, std::ios_base& iosobj, int index)
> {
>   x = index;
>   switch (ev)
>   {
>     case std::ios_base::copyfmt_event:
>       std::cerr << "copyfmt_event" << std::endl; break;
>     case std::ios_base::imbue_event:
>       std::cerr << "imbue_event" << std::endl; break;
>     case std::ios_base::erase_event:
>       std::cerr << "erase_event" << std::endl; break;
>     default:
>       std::cerr << "unknown" << std::endl; break;
>   }
> }
> int main ()
> {
>   std::fstream f0;
>   std::fstream f1;
>   int i = 101;
>   std::ios_base::event_callback e1 = &testfun;
>   f0.register_callback (e1, i);
>   x = 0;
>   f0.imbue (std::cerr.getloc());
>   if (x != i)
>     std::cerr << "x: expected " << i << " got " << x << std::endl;
>   x = 0;
>   f0.copyfmt (f1);
>   if (x != i)
>     std::cerr << "x: expected " << i << " got " << x << std::endl;
>   return 0;
> }
> {code}
> Output from GCC 4.5.0:
> {noformat}
> [steleman@darthvader][/src/steleman/programming/stdcxx-ss122/bugfixes-sunw/fstream.copyfmt][02/05/2012 0:32:42][1340]>> ./test-gcc 
> imbue_event
> erase_event
> {noformat}
> Output from Sun C++ 12.2 with stlport4:
> {noformat}
> [steleman@darthvader][/src/steleman/programming/stdcxx-ss122/bugfixes-sunw/fstream.copyfmt][02/05/2012 0:32:44][1341]>> ./test-ss12-stlport 
> imbue_event
> erase_event
> copyfmt_event
> erase_event
> {noformat}
> Output from Sun C++ 12.2 with our stdcxx (patched):
> {noformat}
> [steleman@darthvader][/src/steleman/programming/stdcxx-ss122/bugfixes-sunw/fstream.copyfmt][02/05/2012 0:32:58][1342]>> ./test-ss12-stdcxx 
> imbue_event
> erase_event
> {noformat}
> Output from Pathscale 4.0.12.1 (which didn't patch stdcxx):
> {noformat}
> [steleman@darthvader][/src/steleman/programming/stdcxx-ss122/bugfixes-sunw/fstream.copyfmt][02/05/2012 0:33:03][1343]>> ./test-pathscale 
> imbue_event
> erase_event
> *** glibc detected *** ./test-pathscale: double free or corruption (fasttop): 0x 000000000605480 ***
> ======= Backtrace: =========
> /lib64/libc.so.6(+0x73286)[0x7f78cbb7f286]
> /lib64/libc.so.6(cfree+0x6c)[0x7f78cbb8402c]
> /opt/pathscale/ekopath-4.0.12.1/lib/4.0.12.1/x8664/64/libcxxrt.so(_ZdlPv+0xd)[0x f78cc097d63]
> /opt/pathscale/ekopath-4.0.12.1/lib/4.0.12.1/x8664/64/libstl.so(_ZNSt8ios_base11 C_usr_data10_C_deallocEPS0_+0x2d)[0x7f78cc300b5b]
> ======= Memory map: ========
> 00400000-00404000 r-xp 00000000 103:00 9582413                           /src/steleman/programming/stdcxx-ss122/bugfixes-sunw/fstream.copyfmt/test-pathscale
> 00603000-00604000 r--p 00003000 103:00 9582413                           /src/steleman/programming/stdcxx-ss122/bugfixes-sunw/fstream.copyfmt/test-pathscale
> 00604000-00605000 rw-p 00004000 103:00 9582413                           /src/steleman/programming/stdcxx-ss122/bugfixes-sunw/fstream.copyfmt/test-pathscale
> 00605000-00626000 rw-p 00000000 00:00 0                                  [heap]
> [ ... ]
> {noformat}
> I no longer have an unpatched stdcxx handy for the Sun C++ compilers available
> to reproduce the defect with the Sun C++ compiler.
> Defect is in file src/iostore.cpp, starting at line 275:
> _C_usr->_C_iarray, _C_usr->_C_parray and _C_usr->_C_cbarray
> are not set to NULL after deletion:
> {code}
>     _TRY {
>         if (_C_usr) {
>             // fire erase events (27.4.4.2, p17) - may throw
>             if (_C_usr->_C_fire)
>                 (this->*_C_usr->_C_fire)(erase_event, true /* reentrant */);
>             // delete existing arrays, if any; _C_usr will only be deleted
>             // if `rhs' contains no user data (see below)
>             operator delete (_C_usr->_C_iarray);
>             _C_usr->_C_iarray = 0UL; // <----- !!
>             operator delete (_C_usr->_C_parray);
>             _C_usr->_C_parray = 0UL; // <----- !!
>             operator delete (_C_usr->_C_cbarray);
>             _C_usr->_C_cbarray = 0UL; // <----- !!
>         }
> {code}
> Patch for 4.2.1 to follow shortly.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira