stdcxx-user mailing list archives

From Martin Sebor <mse...@gmail.com>
Subject Re: std::collate delete [] non heap memory
Date Fri, 05 Sep 2008 15:37:52 GMT
Mark Wright wrote:
> Hello Martin,
> 
> The top 4 bytes of the stack allocated pointer pbuf is
> overwritten with 4 zero bytes when I do next over this line:
> 
>         const _RWSTD_SIZE_T dst_size = strxfrm (just_in_case_buf, psrc, 0);

I wondered if it could be a bug in strxfrm(). I recall a problem
with the function (STDCXX-68) but that was on Windows.

> 
[...]
> I can reproduce it easily, and I have stdcxx compiled with debug
> symbols, so it's very easy for me to try stuff in the debugger, just
> let me know if you want me to try something.
> 
> Or if you have some diffs for an idea to try, I can rebuild it and
> let you know the results.
> 
> It looks like this might be a bug in the Solaris 10u5 strxfrm().

Looks that way.

> 
> Unfortunately I don't have a Solaris support contract, so I can't
> access SunSolve, or log a support issue with Sun.

FWIW, I've been using the Sun Developer Network bug database to
report bugs to Sun:
   http://bugreport.sun.com/bugreport/index.jsp

> Doing a
> Google search I did find this hit on an old report of
> a Solaris 8 strxfrm() memory overwrite bug:
> 
> http://archives.postgresql.org/pgsql-ports/2002-05/msg00000.php
> 
> Anyway I was wondering if it might help to make the
> just_in_case_buf buffer large to try to work around Solaris 10's
> strxfrm() insanity?  I can try it if you like.

That might work but I agree that the patch you proposed in your
other post is safer. There's no need to use the MSVC workaround
on Solaris. Let me open an issue for this and apply your patch.
It will be included in 4.2.2, whenever it comes out.

Thanks for debugging it!
Martin

PS You can keep track of the issue here:
   http://issues.apache.org/jira/browse/STDCXX-1010
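
A guard-byte probe for the behaviour discussed in this thread, followed by a size query that passes a null destination (ISO C permits a null pointer when the size is 0). This is an added example, not code from the thread or from stdcxx; the names `probe_strxfrm_zero` and `xfrm_alloc` are hypothetical.

```c
#include <locale.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xA5
#define PAD   16

/* Returns 0 if strxfrm(dst, src, 0) left dst and the bytes around it
   untouched, 1 if any byte changed. */
int probe_strxfrm_zero(const char *src)
{
    /* 8-byte destination with PAD guard bytes on each side */
    unsigned char area[PAD + 8 + PAD];
    size_t i;

    memset(area, GUARD, sizeof area);
    (void)strxfrm((char *)area + PAD, src, 0);  /* n == 0: must write nothing */

    for (i = 0; i < sizeof area; i++)
        if (area[i] != GUARD)
            return 1;
    return 0;
}

/* Ask for the transformed length with a null destination, then transform
   into a heap buffer of that size. Returns NULL on failure; caller frees. */
char *xfrm_alloc(const char *src)
{
    size_t need = strxfrm(NULL, src, 0) + 1;
    char *dst = malloc(need);

    if (dst == NULL)
        return NULL;
    if (strxfrm(dst, src, need) >= need) {      /* result did not fit */
        free(dst);
        return NULL;
    }
    return dst;
}

int main(void)
{
    char *t;
    int bad;

    setlocale(LC_COLLATE, "");                  /* probe the user's locale */
    bad = probe_strxfrm_zero("stdcxx");
    t = xfrm_alloc("stdcxx");
    free(t);
    return bad || t == NULL;                    /* nonzero exit: problem seen */
}
```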

