[Bug libstdc++/39569] New: Apparent memory corruption in std::stringstream after calling syslog()

[Bug libstdc++/39569] New: Apparent memory corruption in std::stringstream after calling syslog()

[jmcdonald at fairfield dot com]

Good afternoon,

I've encountered a memory corruption problem writing to a stringstream after
I've called syslog(), and I've been unable to find resolution.  

The short summary is that if my program makes a call to syslog(), then later
during execution when I write >136 bytes of data into an std::stringstream
object, the first 4 bytes in the stream get written as (or reset to) 0's.  (If
I write only 132 bytes into the object, the stream doesn't get corrupt.  If I
don't make the call to syslog(), the stream doesn't get corrupted.)

I've created a small, self-contained test app that seems to reliably recreate
the bug.  I have tested (and recreated) it under Fedora 8 (x86_64), Fedora 8
(ppc), and Fedora 10 (i386).  (I tried different compilers & platforms to try
and rule out problems with a particular installation/configuration.)  I can
make available a .tgz file containing this test app upon request.

My apologies in advance for any mistakes I make in submitting the bug... this
is my first gcc bug, so I'm unfamiliar with the process.

The remainder of the requested Bug info:
  Exact GCC version: gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC)
  System Type:       Target: i386-redhat-linux
  GCC build options: Configured with: ../configure --prefix=/usr
--mandir=/usr/share/man --infodir=/usr/share/info
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap
--enable-shared --enable-threads=posix --enable-checking=release
--with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk
--disable-dssi --enable-plugin
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre
--enable-libgcj-multifile --enable-java-maintainer-mode
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib
--with-cpu=generic --build=i386-redhat-linux

  Command line which triggers bug:  
           make             # to generate test_main;
           ./test_main 1    # to run the program and write to syslog
    Note: you can also enter "./test_main 0" to run writing with printf instead
of syslog... this will not fail.

  Compiler output: 
        g++ -c -O0 -g -Wall -save-temps  test_main.cpp 
        g++ -c -O0 -g -Wall -save-temps  FfdDevice.cpp 
        g++ -c -O0 -g -Wall -save-temps  FfdDataPage.cpp 
        g++ -c -O0 -g -Wall -save-temps  Trace.cpp 
        gcc -c -O0 -g -Wall -save-temps  BoxLog.c 
        g++  -o test_main test_main.o FfdDevice.o FfdDataPage.o Trace.o
BoxLog.o  -lstdc++

  Preprocessed *.i* files:   Hmm... you have me here... I don't see a way to
attach them, or the source files themselves, to the Bugzilla bug.  I will
commit the bug and then see if some mechanism for attaching a .tgz with the
sources and .i* files.  If I can't find a way, then I will be happy to provide
the .i* files and/or sources upon request, if someone will let me know the
proper mechanism.


-- 
           Summary: Apparent memory corruption in std::stringstream after
                    calling syslog()
           Product: gcc
           Version: 4.3.2
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: libstdc++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: jmcdonald at fairfield dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39569

[Bug libstdc++/39569] Apparent memory corruption in std::stringstream after calling syslog()

[jmcdonald at fairfield dot com]

------- Comment #1 from jmcdonald at fairfield dot com  2009-03-27 21:59 -------
Created an attachment (id=17549)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17549&action=view)
Test case gcc preprocessed files (from Fedora8 x86_64 machine)

I wasn't able to generate the preprocessed files on the Fedora 10 machine...
the command 'g++ -c -O0 -g -Wall -save-temps <file>' produces the .o file, but
no .i* files.  So I generated the .i* files on the Fedora 8 machine.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39569

[Bug libstdc++/39569] Apparent memory corruption in std::stringstream after calling syslog()

[jmcdonald at fairfield dot com]

------- Comment #2 from jmcdonald at fairfield dot com  2009-03-27 22:05 -------
Created an attachment (id=17550)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17550&action=view)
Sources for self-contained test case which recreated bug.

This attachment contains the complete sources & makefile for recreating the
bug.
To recreate it, simply untar the file into an empty folder ('tar -xzvf
bug_39569_test_case.tgz'), cd to that folder, and enter the make command.

Once you have the test_main executable, you can enter:
   ./test_main
to run the executable and 'log' to std out, which will work correctly... or
   ./test_main 1
to run the executable and log to syslog(), which will demonstrate the apparent
memory corruption.

I've tried to make the example as concise and helpful as possible... but if
I've missed anything, please don't hesitate to contact me.

I thank you very much for any help you can provide...


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39569

[Bug libstdc++/39569] Apparent memory corruption in std::stringstream after calling syslog()

[jmcdonald at fairfield dot com]

------- Comment #3 from jmcdonald at fairfield dot com  2009-03-30 14:44 -------
Created an attachment (id=17559)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17559&action=view)
A more simple test case which recreates the memor correction bug (1 file)

I worked with the sources a bit more, and managed to trim it down to a single
source file which recreates the bug using pretty much nothing but the iostream
libraries and syslog.


-- 

jmcdonald at fairfield dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #17550|0                           |1
        is obsolete|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39569

[Bug libstdc++/39569] Apparent memory corruption in std::stringstream after calling syslog()

[jmcdonald at fairfield dot com]

------- Comment #4 from jmcdonald at fairfield dot com  2009-03-30 14:59 -------
Created an attachment (id=17560)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17560&action=view)
The GCC preprocessed files to go with the simple, one-source-file test case.

And here are the gcc preprocessed files that go with the more simple test case.
The gcc -v info from the machine used to produce these is as follows:
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk
--disable-dssi --enable-plugin
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre
--enable-libgcj-multifile --enable-java-maintainer-mode
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --with-cpu=generic
--host=x86_64-redhat-linux
Thread model: posix
gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)

Please note, however, that I've been able to reproduce this bug on a new Fedora
10 installation as well... that install's gcc-v is as follows:
Using built-in specs.
Target: i386-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla
--enable-bootstrap --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk
--disable-dssi --enable-plugin
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre
--enable-libgcj-multifile --enable-java-maintainer-mode
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib
--with-cpu=generic --build=i386-redhat-linux
Thread model: posix
gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) 


-- 

jmcdonald at fairfield dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #17549|0                           |1
        is obsolete|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39569

[Bug libstdc++/39569] Apparent memory corruption in std::stringstream after calling syslog()

[paolo dot carlini at oracle dot com]

------- Comment #5 from paolo dot carlini at oracle dot com  2009-03-30 15:58 -------
Your code triggers undefined behaviour here:

const char* OutBuf = reinterpret_cast<const char*>(OutStream.str().c_str());

because str() returns a temporary string, which then dies, leaving OutBuf
pointing to unallocated memory. Just copy that temporary somewhere, dunno:

std::string outstr = OutStream.str(); 
const char* OutBuf = outstr.c_str();

or something similar.


-- 

paolo dot carlini at oracle dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39569

[Bug libstdc++/39569] Apparent memory corruption in std::stringstream after calling syslog()

[jmcdonald at fairfield dot com]

------- Comment #6 from jmcdonald at fairfield dot com  2009-03-30 20:56 -------
Excellent.  I thank you for your quick response, and for the help... and I'm
glad it wasn't a bug in std::stringstream.  

My apologies for taking your time.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39569

[Bug libstdc++/39569] Apparent memory corruption in std::stringstream after calling syslog()

[paolo dot carlini at oracle dot com]

------- Comment #7 from paolo dot carlini at oracle dot com  2009-03-30 21:17 -------
By the way, 'valgrind' can save you a lot of time in such cases: it's excellent
with memory issues, like using deallocated memory.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39569