From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path:
Received: (qmail 9006 invoked by alias); 21 Jul 2004 09:49:40 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive:
List-Post:
List-Help:
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 8997 invoked by uid 48); 21 Jul 2004 09:49:38 -0000
Date: Wed, 21 Jul 2004 09:49:00 -0000
From: "Serguei dot Kolos at cern dot ch"
To: gcc-bugs@gcc.gnu.org
Message-ID: <20040721094933.16655.Serguei.Kolos@cern.ch>
Reply-To: gcc-bugzilla@gcc.gnu.org
Subject: [Bug libstdc++/16655] New: Segmentation fault in the std::ofstream destructor
X-Bugzilla-Reason: CC
X-SW-Source: 2004-07/txt/msg02563.txt.bz2
List-Id:

On some file systems (for example on AFS), the ofstream destructor crashes
the application if there is no space left on that FS. This happens because
it calls the fclose() function 2 times.

In more detail, the problem is that in case of no space left on AFS the
fflush() succeeds and only fclose() fails. In this case:

1. the __basic_file::close() is called twice - the first time by the
   basic_filebuf >::close() and the second time by the __basic_file
   destructor.
2. in the first call the fclose() fails and the _M_cfile is not set to 0.
3. in the second call __basic_file::is_open() returns true because the
   _M_cfile is not 0 and the fclose() is called a second time and tries to
   use the memory which was already freed by the previous invocation of
   the fclose().
4. Program crashes.

Here is the program which reproduces the bug:

#include <fstream>
#include <iostream>

using namespace std;

int main()
{
    ofstream foo( "foo.bar", std::ios::out | std::ios::trunc );

    for ( int i = 0; i < 1000000; i++ )
        foo << "hello";

    // stream state after the writes
    cout << "foo.good() = " << foo.good() << endl;
    cout << "foo.bad() = " << foo.bad() << endl;
    cout << "foo.eof() = " << foo.eof() << endl;
    cout << "foo.fail() = " << foo.fail() << endl << endl;

    // stream state after flush()
    foo.flush();
    cout << "foo.good() = " << foo.good() << endl;
    cout << "foo.bad() = " << foo.bad() << endl;
    cout << "foo.eof() = " << foo.eof() << endl;
    cout << "foo.fail() = " << foo.fail() << endl << endl;

    // stream state after close()
    foo.close();
    cout << "foo.good() = " << foo.good() << endl;
    cout << "foo.bad() = " << foo.bad() << endl;
    cout << "foo.eof() = " << foo.eof() << endl;
    cout << "foo.fail() = " << foo.fail() << endl;

    return 0;
}

The output is (on AFS with not enough space left):

foo.good() = 1
foo.bad() = 0
foo.eof() = 0
foo.fail() = 0

foo.good() = 1
foo.bad() = 0
foo.eof() = 0
foo.fail() = 0

foo.good() = 0
foo.bad() = 0
foo.eof() = 0
foo.fail() = 1
Segmentation fault (core dumped)

The problem does not appear for a local file system because in this case
the fflush() fails and the destructor works correctly.

-- 
           Summary: Segmentation fault in the std::ofstream destructor
           Product: gcc
           Version: 3.2
            Status: UNCONFIRMED
          Severity: critical
          Priority: P3
         Component: libstdc++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: Serguei dot Kolos at cern dot ch
                CC: gcc-bugs at gcc dot gnu dot org
 GCC build triplet: i386-pc-linux-gnu
  GCC host triplet: i386-pc-linux-gnu
GCC target triplet: i386-pc-linux-gnu

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=16655
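
The double-close sequence described in the report, as an added example that is not part of the original message and is not libstdc++ code. BuggyFile and SafeFile are hypothetical wrappers, and failing_close is a constructed stand-in for an fclose() that fails, so no real stream is ever closed twice.

```cpp
#include <cstdio>

// Constructed stand-in for fclose(): counts calls and always reports failure,
// as fclose() did on the full AFS volume. It never touches the stream.
static int g_close_calls = 0;
static int failing_close(std::FILE*) { ++g_close_calls; return EOF; }
using close_fn = int (*)(std::FILE*);

// Pattern from the report: the handle is cleared only when the close succeeds.
struct BuggyFile {
    std::FILE* fp; close_fn closer;
    bool is_open() const { return fp != nullptr; }
    bool close() {
        if (!is_open()) return false;
        if (closer(fp) != 0) return false;  // fp stays set after a failed close
        fp = nullptr;
        return true;
    }
    ~BuggyFile() { close(); }               // closes the same handle again
};

// Hardened pattern: the stream is unusable after fclose() whatever it returns,
// so drop the handle first and report the error afterwards.
struct SafeFile {
    std::FILE* fp; close_fn closer;
    bool is_open() const { return fp != nullptr; }
    bool close() {
        if (!is_open()) return false;
        std::FILE* tmp = fp;
        fp = nullptr;
        return closer(tmp) == 0;
    }
    ~SafeFile() { close(); }
};

// Number of close calls one handle receives from close() plus the destructor.
template <class F>
int closes_for_one_handle() {
    g_close_calls = 0;
    {
        F f{stderr, failing_close};  // stderr is only a non-null token here
        f.close();                   // explicit close, reported as failed
    }                                // destructor runs
    return g_close_calls;
}

int main() {
    std::printf("buggy closes: %d\n", closes_for_one_handle<BuggyFile>());
    std::printf("safe closes:  %d\n", closes_for_one_handle<SafeFile>());
}
```

With a real fclose() the second call in the buggy pattern operates on a FILE that has already been released, which is the use-after-free behind the reported segmentation fault.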