[Bug 1499564] [NEW] gcc-5.2.1 miscompiles moved-from deque with private allocator

Roland Dreier roland at digitalvampire.org
Thu Sep 24 23:58:20 UTC 2015


Public bug reported:

This is upstream bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67707
with a fix already in upstream gcc.

The following program:

#include <stdio.h>
#include <utility>
#include <deque>
#include <memory>

template<typename T>
struct my_allocator: public std::allocator<T>
{
        typedef size_t size_type;
        typedef T * pointer;
        typedef const T * const_pointer;

        typedef std::false_type is_always_equal;

        template<typename _Tp1>
        struct rebind
        {
                typedef my_allocator<_Tp1> other;
        };

        pointer allocate(size_type n, const void *hint = nullptr)
        {
                return std::allocator<T>::allocate(n, hint);
        }

        void deallocate(pointer p, size_type n)
        {
                return std::allocator<T>::deallocate(p, n);
        }

        size_type max_size() const
        {
                return std::allocator<T>::max_size();
        }

        my_allocator() : std::allocator<T>() { }
        ~my_allocator() { }

        my_allocator(const my_allocator & a) : std::allocator<T>(a) { }
        template<typename U>
        my_allocator(const my_allocator<U> & a) : std::allocator<T>(a) { }
};

int main(int argc, char * argv[])
{
        std::deque<int, my_allocator<int>> a;

        printf("empty %d size %zd\n", a.empty(), a.size());
        a.emplace_back(1);
        printf("empty %d size %zd\n", a.empty(), a.size());
        std::deque<int, my_allocator<int>> b = std::move(a);
        printf("empty %d size %zd\n", a.empty(), a.size());
        a = std::deque<int, my_allocator<int>>();
        printf("empty %d size %zd\n", a.empty(), a.size());

        return 0;
}

incorrectly corrupts deque state and crashes:

$ g++-5 --std=c++11 a.cpp
$ ./a.out
empty 1 size 0
empty 0 size 1
empty 1 size -128
Segmentation fault (core dumped)

This is with:

$ g++-5 --version
g++-5 (Ubuntu 5.2.1-18ubuntu1) 5.2.1 20150922

If at all possible it would be great to get the upstream fix into Ubuntu
15.10 before the final release.  The upstream patch is very small (one
line plus test case and changelog).

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: gcc-5 5.2.1-18ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-10.12-generic 4.2.0
Uname: Linux 4.2.0-10-generic x86_64
ApportVersion: 2.18.1-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Sep 24 16:53:12 2015
InstallationDate: Installed on 2014-01-11 (621 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140109)
SourcePackage: gcc-5
UpgradeStatus: Upgraded to wily on 2015-09-18 (6 days ago)

** Affects: gcc-5 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug wily
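As an added regression check (this is not part of the bug report, nor of gcc or libstdc++), the following C++ program runs the same move sequence against a minimal stateful allocator whose `is_always_equal` is `std::false_type`, and reports whether the moved-from deque's bookkeeping stays self-consistent and whether every block the container allocated was handed back exactly once. It deliberately checks only invariants the standard guarantees for any valid container (`size()` agrees with iteration, `empty()` agrees with `size()`), so it does not assume the moved-from deque is empty. The allocator, the counters and the function names are assumptions of this example; the corrupted `size` in the report above would show up here as a mismatch between `size()` and the walked length, and a double free or leak as a non-zero block balance.

```cpp
#include <cstddef>
#include <cstdio>
#include <deque>
#include <iterator>
#include <memory>
#include <new>
#include <type_traits>
#include <utility>

// Balance of allocate() against deallocate() calls made through
// counting_allocator. Non-zero after all containers are destroyed means a
// leak (positive) or a double free (negative). Constructed for this example.
static long g_outstanding_blocks = 0;

long outstanding_allocations() { return g_outstanding_blocks; }

// Minimal C++11 allocator that carries state (an id) and declares that two
// instances are not necessarily equal, which forces the container down the
// allocator-aware move path exercised by the bug report. Hypothetical name.
template <typename T>
struct counting_allocator
{
    typedef T value_type;
    typedef std::false_type is_always_equal;

    int id;

    counting_allocator() : id(0) { }
    explicit counting_allocator(int id_) : id(id_) { }
    template <typename U>
    counting_allocator(const counting_allocator<U>& other) : id(other.id) { }

    T* allocate(std::size_t n)
    {
        ++g_outstanding_blocks;
        return static_cast<T*>(::operator new(n * sizeof(T)));
    }
    void deallocate(T* p, std::size_t)
    {
        --g_outstanding_blocks;
        ::operator delete(p);
    }
};

template <typename T, typename U>
bool operator==(const counting_allocator<T>& a, const counting_allocator<U>& b)
{
    return a.id == b.id;
}
template <typename T, typename U>
bool operator!=(const counting_allocator<T>& a, const counting_allocator<U>& b)
{
    return !(a == b);
}

// Invariants every valid deque must satisfy, whatever its contents:
// size() equals the number of elements reached by iteration, and empty()
// is exactly "size() == 0".
template <typename Alloc>
bool deque_state_consistent(std::deque<int, Alloc>& d)
{
    std::size_t walked = static_cast<std::size_t>(std::distance(d.begin(), d.end()));
    return d.size() == walked && d.empty() == (d.size() == 0);
}

// Replays the sequence from the bug report and returns true only if the
// container stays consistent and usable at every step.
template <typename Alloc>
bool moved_from_deque_is_sane()
{
    std::deque<int, Alloc> a;
    a.emplace_back(1);
    std::deque<int, Alloc> b = std::move(a);      // a is now valid but unspecified
    bool ok = b.size() == 1 && b.front() == 1;    // the element travelled to b
    ok = ok && deque_state_consistent(a);         // size() must match iteration
    a = std::deque<int, Alloc>();                 // the assignment that crashed
    ok = ok && deque_state_consistent(a) && a.empty();
    a.emplace_back(2);                            // moved-from container reusable
    ok = ok && a.size() == 1 && a.front() == 2;
    return ok;
}

int main()
{
    bool std_ok = moved_from_deque_is_sane<std::allocator<int> >();
    bool custom_ok = moved_from_deque_is_sane<counting_allocator<int> >();
    std::printf("std::allocator: %s\ncounting_allocator: %s\noutstanding blocks: %ld\n",
                std_ok ? "ok" : "BROKEN", custom_ok ? "ok" : "BROKEN",
                outstanding_allocations());
    return (std_ok && custom_ok && outstanding_allocations() == 0) ? 0 : 1;
}
```

The `std::allocator` run is the control: a stateless, always-equal allocator never took the affected path, so only the `counting_allocator` line is expected to differ on a library with the defect. Running this under a sanitizer or `valgrind` complements the block counter, since the counter only sees memory requested through the allocator.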

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gcc-5 in Ubuntu.
https://bugs.launchpad.net/bugs/1499564

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gcc-5/+bug/1499564/+subscriptions



More information about the foundations-bugs mailing list