This discussion is archived
5 Replies Latest reply: Sep 14, 2012 1:46 AM by 957224 RSS

Crash in auto_ptr constructor using libCstd, CC 5.12 ... bug?

957224 Newbie
Currently Being Moderated
We're in the middle of porting/upgrading from CC 5.9 to CC 5.12 on Solaris/amd64.

We have a mixture of code which builds with Cstd (eg due to third-party dependencies) and code using stlport4 which is our 'preferred' choice.

We are seeing crashes in the auto_ptr constructor in Cstd builds only, trying to delete an uninitialised pointer when constructing an auto_ptr from another auto_ptr where the parameter pointer is the return value of a method (ie an rvalue).

Here's the relevant chunk of code from prod/include/CC/Cstd/memory:

void reset (_XX* p = 0) RWSTDTHROW_SPEC_NULL
{
if (the_p != p)
{
delete the_p;
the_p = p;
}
}

//#ifndef RWSTDNO_MEM_CLASS_TEMPLATES
auto_ptr(auto_ptr_ref<_XX> r) RWSTDTHROW_SPEC_NULL
{
reset(r.release());
}

... this looks 'obviously' broken - at the point that the constructor here is invoked the_p member will be uninitialised and potentially pointing 'anywhere' in memory, and then we'll end up trying to delete it in the call to reset().

Note that this problem only applies to the constructor which takes an auto_ptr_ref, the 'vanilla' copy constructor is fine (doesn't attempt to call reset()):

auto_ptr (auto_ptr<_XX>& a) RWSTDTHROW_SPEC_NULL
: the_p((_RWSTD_CONST_CAST(auto_ptr<_XX>&,a)).release())
{ ; }

... so I guess that what is happening here is that the newer compiler being more standards-compliant is taking the auto_ptr_ref path (because I'm constructing from an auto_ptr rvalue returned by a 'factory' method?) and hence 'exposing' the bug.

Has this been seen/reported before? It seems too 'obvious' a problem to not have been encountered elsewhere.

Thanks,

Matt.

Edited by: matt.stupple on 12-Sep-2012 03:46
  • 1. Re: Crash in auto_ptr copy constructor using libCstd, CC 5.12 ... bug?
    957224 Newbie
    Currently Being Moderated
    Here's a simple program to reproduce:
    Line: -----
    #include <iostream>
    #include <memory>

    using namespace std;

    auto_ptr<int> getPtr(const int n)
    {
    auto_ptr<int> ret;
    if (n % 10 == 0)
    {
    ret.reset(new int(n));
    }
    return ret;
    }

    struct Test
    {
    auto_ptr<int> m_ptr;
    Test(const int n) : m_ptr(getPtr(n)) {}
    };

    int main(int, char*[])
    {
    for (int i=0; i<1000; ++i)
    {
    Test t(i);
    cout << i << ' ';
    }
    cout << endl;

    return 0;
    }
    Line: -----

    Compile and run (using default Cstd library) - crashes:

    Line: -----
    $ CC -V -g +w2 48874.cxx
    CC: Sun C++ 5.12 SunOS_i386 2011/11/16
    ccfe: Sun C++ 5.12 SunOS_i386 2011/11/16
    /opt/SolarisStudio/solarisstudio12.3/prod/bin/c++filt: Sun C++ 5.12 SunOS_i386 2011/11/16
    ld: Software Generation Utilities - Solaris Link Editors: 5.10-1.502
    $ ./a.out
    Segmentation Fault
    Line: -----

    Compile and run using stlport4 - no crash:

    Line: -----
    mifexdev1:~/dev/playpen$ CC -V -g +w2 -library=stlport4 48874.cxx
    CC: Sun C++ 5.12 SunOS_i386 2011/11/16
    ccfe: Sun C++ 5.12 SunOS_i386 2011/11/16
    /opt/SolarisStudio/solarisstudio12.3/prod/bin/c++filt: Sun C++ 5.12 SunOS_i386 2011/11/16
    ld: Software Generation Utilities - Solaris Link Editors: 5.10-1.502
    mifexdev1:~/dev/playpen$ ./a.out
    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 ...
    Line: -----
  • 2. Re: Crash in auto_ptr copy constructor using libCstd, CC 5.12 ... bug?
    Steve_Clamage Pro
    Currently Being Moderated
    I cannot reproduce your problem using recent patches of C++ 5.12 and, more importantly, the runtime libraries. (Some bugs related to auto_ptr were fixed in 2010.)

    The tested compiler has patch -03
    % CC -V
    CC: Sun C++ 5.12 SunOS_i386 Patch 148509-03 2012/06/12

    The tested C++ runtime libraries are from Solaris 10u10, which has patch level -24
    % version /usr/lib/libCstd.so.1
    /usr/lib/libCstd.so.1: Sun SUNWlibC SunOS 5.10 SunOS_i386 Patch 119964-24 2011/04/12
    (The "version" command is in the same directory as the CC command.)

    Update to recent patches and see if that fixes your problem. If you are not running Solaris 10u10 or later, you should get the current SUNWlibC patch for your version of Solaris.

    Also, I cannot find code that looks exactly like what you posted from Cstd/memory. So you would need a compiler update for the header changes, and runtime library update would be a good idea so it matches the headers.

    Edited by: Steve_Clamage on Sep 12, 2012 11:21 AM
  • 3. Re: Crash in auto_ptr copy constructor using libCstd, CC 5.12 ... bug?
    957224 Newbie
    Currently Being Moderated
    Note that although the crash is 100% reproducible for me, it is in theory entirely non-deterministic so may be less easy to reproduce on a different host/environment/whatever.

    In any acse, it looks like I have the right runtime library:

    $ version /usr/lib/libCstd.so.1
    /usr/lib/libCstd.so.1: Sun SUNWlibC SunOS 5.10 SunOS_i386 Patch 119964-24 2011/04/12

    ... but unpatched CC compiler:

    $ CC -V
    CC: Sun C++ 5.12 SunOS_i386 2011/11/16

    I'll have a look at getting this patched up to latest, however it would be very helpful in justifying purchasing a support contract if you could confirm a specific fix/change in this area - I would assume that any fixes made in 2010 would already be included in my version of the compiler/runtime...?
  • 4. Re: Crash in auto_ptr copy constructor using libCstd, CC 5.12 ... bug?
    Steve_Clamage Pro
    Currently Being Moderated
    Your exact problem was reported in bug 7019026, reported in 2011, and was fixed in patch -01 to C++ 5.12 (Studio 12.3).
    There is no point in installing anything but the most recent patch, however, and patches are cumulative. Installing -03 gets you the fixes in patches -01 and -02.
  • 5. Re: Crash in auto_ptr copy constructor using libCstd, CC 5.12 ... bug?
    957224 Newbie
    Currently Being Moderated
    Perfect, thanks Steve.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points