SEGV in libstdc++-v3 caused when fn attached is called the second time...

SEGV in libstdc++-v3 caused when fn attached is called the second time...

[The Thodes]

[-- Attachment #1: Type: text/plain, Size: 23478 bytes --]

The attached .ii file, when compiled and linked with support code that calls
it twice with valid args both times, causes a SEGV in libstdc++-v3's _M_grab
implementation...

--debugging log starts here--
(gdb) print *this
Cannot access memory at address 0x0
(gdb) list
2
3       #include "league.hpp"
4
5       void League::add_team (std::string team_name)
6       {
7         Team temp_team (team_name);
8
9         this -> league_data.push_back (temp_team);
10      }
(gdb) print this->league_data
Cannot access memory at address 0x0
(gdb) up 1
#1  0x00402257 in for_loop_body(League*) (h_loaded_league=0xa041cd8)
    at main.cpp:35
35            h_loaded_league -> add_team (team_name);
(gdb) print h_loaded_league
$1 = (League *) 0xa041cd8
(gdb) print *h_loaded_league
$2 = {
  league_data = {<_Vector_base<Team,std::allocator<Team> >> =
{<_Vector_alloc_ba
se<Team,std::allocator<Team>,true>> = {_M_start = 0x0,
        _M_finish = 0xa0426c0,
        _M_end_of_storage = 0xa0426c0}, <No data fields>}, <No data
fields>}}
(gdb)
--snipped--
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00424202 in std::string::_Rep::_M_grab(std::allocator<char> const&,
std::alloc
ator<char> const&) () at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
(gdb) bt
#0  0x00424202 in std::string::_Rep::_M_grab(std::allocator<char> const&,
std::a
llocator<char> const&) () at /usr/include/c++/3.3.1/istream:401
#1  0x004259dc in std::string::string(std::string const&) ()
    at /usr/include/c++/3.3.1/istream:401
#2  0x0043209e in __gnu_cxx::__normal_iterator<Team*, std::vector<Team,
std::all
ocator<Team> > >
std::__uninitialized_copy_aux<__gnu_cxx::__normal_iterator<Team
*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Team
*, std::vector<Team, std::allocator<Team> > >
>(__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >, __false_type) (__first=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0x6114ea44}, __last=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0xa0426c0}, __result=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0x22040008})
    at /usr/include/c++/3.3.1/bits/stl_construct.h:78
#3  0x0042f5fd in std::vector<Team, std::allocator<Team>
>::_M_insert_aux(__gnu_
cxx::__normal_iterator<Team*, std::vector<Team, std::allocator<Team> > >,
Team c
onst&) (this=0xa041cd8, __position=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0xa0426c0}, __x=@0x22ec50)
    at /usr/include/c++/3.3.1/bits/stl_uninitialized.h:109
---Type <return> to continue, or q <return> to quit---
#4  0x0042fa05 in std::vector<Team, std::allocator<Team> >::push_back(Team
const
&) (this=0xa041cd8, __x=@0x22ec50)
    at /usr/include/c++/3.3.1/bits/stl_vector.h:603
#5  0x00401402 in League::add_team(std::string) (this=0xa041cd8,
    team_name=@0x22ee40) at league_add_team.cpp:9
#6  0x00402257 in for_loop_body(League*) (h_loaded_league=0xa041cd8)
    at main.cpp:35
#7  0x00401e3c in main () at main.cpp:15
(gdb)
--snipped--
(gdb) stepi
League::add_team(std::string) (this=0xa041cd8, team_name=@0x22ee40)
    at league_add_team.cpp:6
6       {
(gdb) watch this
Watchpoint 4: this
(gdb) c
Continuing.
Watchpoint 4: this

Old value = (League * const) 0x22ee40
New value = (League * const) 0x22ec70
0x00401386 in League::add_team(std::string) (this=0xa041cd8,
    team_name=@0x22ee40) at league_add_team.cpp:6
6       {
(gdb) disassemble
Dump of assembler code for function _ZN6League8add_teamESs:
0x0040136c <_ZN6League8add_teamESs+0>:  push   %ebp
0x0040136d <_ZN6League8add_teamESs+1>:  mov    %esp,%ebp
0x0040136f <_ZN6League8add_teamESs+3>:  push   %edi
0x00401370 <_ZN6League8add_teamESs+4>:  push   %esi
0x00401371 <_ZN6League8add_teamESs+5>:  push   %ebx
0x00401372 <_ZN6League8add_teamESs+6>:  sub    $0x7c,%esp
0x00401375 <_ZN6League8add_teamESs+9>:  movl   $0x405a90,0xffffffa4(%ebp)
0x0040137c <_ZN6League8add_teamESs+16>: movl   $0x434558,0xffffffa8(%ebp)
0x00401383 <_ZN6League8add_teamESs+23>: lea    0xffffffe8(%ebp),%eax
0x00401386 <_ZN6League8add_teamESs+26>: mov    %eax,0xffffffac(%ebp)
0x00401389 <_ZN6League8add_teamESs+29>: movl   $0x401404,0xffffffb0(%ebp)
0x00401390 <_ZN6League8add_teamESs+36>: mov    %esp,0xffffffb4(%ebp)
0x00401393 <_ZN6League8add_teamESs+39>: lea    0xffffff8c(%ebp),%eax
0x00401396 <_ZN6League8add_teamESs+42>: mov    %eax,(%esp,1)
0x00401399 <_ZN6League8add_teamESs+45>: call   0x40ef90
<_Unwind_SjLj_Register>
0x0040139e <_ZN6League8add_teamESs+50>: mov    0xc(%ebp),%eax
0x004013a1 <_ZN6League8add_teamESs+53>: mov    %eax,0x4(%esp,1)
0x004013a5 <_ZN6League8add_teamESs+57>: lea    0xffffffb8(%ebp),%eax
0x004013a8 <_ZN6League8add_teamESs+60>: mov    %eax,(%esp,1)
0x004013ab <_ZN6League8add_teamESs+63>: movl   $0xffffffff,0xffffff90(%ebp)
0x004013b2 <_ZN6League8add_teamESs+70>: call   0x42597c <_ZNSsC1ERKSs>
0x004013b7 <_ZN6League8add_teamESs+75>: lea    0xffffffb8(%ebp),%eax
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) print &this
Address requested for identifier "this" which is in register $eax
(gdb) stepi
0x00401389      6       {
(gdb) stepi
0x00401390      6       {
(gdb) stepi
0x00401393      6       {
(gdb) stepi
Watchpoint 4: this

Old value = (League * const) 0x22ec70
New value = (League * const) 0x22ec14
0x00401396 in League::add_team(std::string) (this=0xa041cd8,
    team_name=@0x22ee40) at league_add_team.cpp:6
6       {
(gdb) stepi
0x00401399      6       {
(gdb) stepi
0x0040ef90 in _Unwind_SjLj_Register () at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
(gdb) finish
Run till exit from #0  0x0040ef90 in _Unwind_SjLj_Register ()
    at /usr/include/c++/3.3.1/istream:401
Watchpoint 4: this

Old value = (League * const) 0x22ec14
New value = (League * const) 0x1
0x0040efa9 in _Unwind_SjLj_Register () at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
(gdb) disassemble
Dump of assembler code for function _Unwind_SjLj_Register:
0x0040ef90 <_Unwind_SjLj_Register+0>:   push   %ebp
0x0040ef91 <_Unwind_SjLj_Register+1>:   mov    %esp,%ebp
0x0040ef93 <_Unwind_SjLj_Register+3>:   sub    $0x18,%esp
0x0040ef96 <_Unwind_SjLj_Register+6>:   mov    %ebx,0xfffffffc(%ebp)
0x0040ef99 <_Unwind_SjLj_Register+9>:   mov    0x43db10,%edx
0x0040ef9f <_Unwind_SjLj_Register+15>:  mov    0x8(%ebp),%ebx
0x0040efa2 <_Unwind_SjLj_Register+18>:  test   %edx,%edx
0x0040efa4 <_Unwind_SjLj_Register+20>:  je     0x40eff3
<_Unwind_SjLj_Register+9
9>
0x0040efa6 <_Unwind_SjLj_Register+22>:  mov    0x24(%edx),%eax
0x0040efa9 <_Unwind_SjLj_Register+25>:  test   %eax,%eax
0x0040efab <_Unwind_SjLj_Register+27>:  js     0x40efe6
<_Unwind_SjLj_Register+8
6>
0x0040efad <_Unwind_SjLj_Register+29>:  mov    0x24(%edx),%eax
0x0040efb0 <_Unwind_SjLj_Register+32>:  test   %eax,%eax
0x0040efb2 <_Unwind_SjLj_Register+34>:  jne    0x40efc3
<_Unwind_SjLj_Register+5
1>
0x0040efb4 <_Unwind_SjLj_Register+36>:  mov    0x1c(%edx),%eax
0x0040efb7 <_Unwind_SjLj_Register+39>:  mov    %eax,(%ebx)
0x0040efb9 <_Unwind_SjLj_Register+41>:  mov    %ebx,0x1c(%edx)
0x0040efbc <_Unwind_SjLj_Register+44>:  mov    0xfffffffc(%ebp),%ebx
0x0040efbf <_Unwind_SjLj_Register+47>:  mov    %ebp,%esp
0x0040efc1 <_Unwind_SjLj_Register+49>:  pop    %ebp
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) print &this
No symbol "this" in current context.
(gdb) print 0x24+$edx
$1 = 168041572
(gdb) print/x 0x24+$edx
$2 = 0xa041c64
(gdb) print $eax
$3 = 1
--snipped--
(gdb) stepi
League::add_team(std::string) (this=0xa041cd8, team_name=@0x22ee40)
    at league_add_team.cpp:6
6       {
(gdb) watch this
Watchpoint 3: this
(gdb) c
Continuing.
Watchpoint 3: this

Old value = (League * const) 0x22ee40
New value = (League * const) 0x22ec70
0x00401386 in League::add_team(std::string) (this=0xa041cd8,
    team_name=@0x22ee40) at league_add_team.cpp:6
6       {
(gdb) c
Continuing.
Watchpoint 3: this

Old value = (League * const) 0x22ec70
New value = (League * const) 0x22ec14
0x00401396 in League::add_team(std::string) (this=0xa041cd8,
    team_name=@0x22ee40) at league_add_team.cpp:6
6       {
(gdb) c
Continuing.
Watchpoint 3: this

Old value = (League * const) 0x22ec14
New value = (League * const) 0x1
0x0040efa9 in _Unwind_SjLj_Register () at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
(gdb) c
Continuing.
Watchpoint 3: this

Old value = (League * const) 0x1
New value = (League * const) 0xa041cb8
0x0040efc6 in _Unwind_SjLj_Register () at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
(gdb) disassemble
Dump of assembler code for function _Unwind_SjLj_Register:
0x0040ef90 <_Unwind_SjLj_Register+0>:   push   %ebp
0x0040ef91 <_Unwind_SjLj_Register+1>:   mov    %esp,%ebp
0x0040ef93 <_Unwind_SjLj_Register+3>:   sub    $0x18,%esp
0x0040ef96 <_Unwind_SjLj_Register+6>:   mov    %ebx,0xfffffffc(%ebp)
0x0040ef99 <_Unwind_SjLj_Register+9>:   mov    0x43db10,%edx
0x0040ef9f <_Unwind_SjLj_Register+15>:  mov    0x8(%ebp),%ebx
0x0040efa2 <_Unwind_SjLj_Register+18>:  test   %edx,%edx
0x0040efa4 <_Unwind_SjLj_Register+20>:  je     0x40eff3
<_Unwind_SjLj_Register+9
9>
0x0040efa6 <_Unwind_SjLj_Register+22>:  mov    0x24(%edx),%eax
0x0040efa9 <_Unwind_SjLj_Register+25>:  test   %eax,%eax
0x0040efab <_Unwind_SjLj_Register+27>:  js     0x40efe6
<_Unwind_SjLj_Register+8
6>
0x0040efad <_Unwind_SjLj_Register+29>:  mov    0x24(%edx),%eax
0x0040efb0 <_Unwind_SjLj_Register+32>:  test   %eax,%eax
0x0040efb2 <_Unwind_SjLj_Register+34>:  jne    0x40efc3
<_Unwind_SjLj_Register+5
1>
0x0040efb4 <_Unwind_SjLj_Register+36>:  mov    0x1c(%edx),%eax
0x0040efb7 <_Unwind_SjLj_Register+39>:  mov    %eax,(%ebx)
0x0040efb9 <_Unwind_SjLj_Register+41>:  mov    %ebx,0x1c(%edx)
0x0040efbc <_Unwind_SjLj_Register+44>:  mov    0xfffffffc(%ebp),%ebx
0x0040efbf <_Unwind_SjLj_Register+47>:  mov    %ebp,%esp
0x0040efc1 <_Unwind_SjLj_Register+49>:  pop    %ebp
---Type <return> to continue, or q <return> to quit---
0x0040efc2 <_Unwind_SjLj_Register+50>:  ret
0x0040efc3 <_Unwind_SjLj_Register+51>:  mov    0x20(%edx),%eax
0x0040efc6 <_Unwind_SjLj_Register+54>:  mov    %eax,(%esp,1)
0x0040efc9 <_Unwind_SjLj_Register+57>:  call   0x40fca0
<pthread_getspecific>
0x0040efce <_Unwind_SjLj_Register+62>:  mov    %eax,(%ebx)
0x0040efd0 <_Unwind_SjLj_Register+64>:  mov    0x43db10,%eax
0x0040efd5 <_Unwind_SjLj_Register+69>:  mov    0x20(%eax),%eax
0x0040efd8 <_Unwind_SjLj_Register+72>:  mov    %ebx,0x4(%esp,1)
0x0040efdc <_Unwind_SjLj_Register+76>:  mov    %eax,(%esp,1)
0x0040efdf <_Unwind_SjLj_Register+79>:  call   0x40fcb0
<pthread_setspecific>
0x0040efe4 <_Unwind_SjLj_Register+84>:  jmp    0x40efbc
<_Unwind_SjLj_Register+4
4>
0x0040efe6 <_Unwind_SjLj_Register+86>:  call   0x40ef40 <fc_key_init_once>
0x0040efeb <_Unwind_SjLj_Register+91>:  mov    0x43db10,%edx
0x0040eff1 <_Unwind_SjLj_Register+97>:  jmp    0x40efad
<_Unwind_SjLj_Register+2
9>
0x0040eff3 <_Unwind_SjLj_Register+99>:  call   0x40ec60
<__w32_sharedptr_initial
ize>
0x0040eff8 <_Unwind_SjLj_Register+104>: mov    0x43db10,%edx
0x0040effe <_Unwind_SjLj_Register+110>: jmp    0x40efa6
<_Unwind_SjLj_Register+2
2>
End of assembler dump.
(gdb) print &this
No symbol "this" in current context.
(gdb) up 1
#1  0x0040139e in League::add_team(std::string) (this=0xa041cd8,
    team_name=@0x22ee40) at league_add_team.cpp:6
6       {
(gdb) print &this
Address requested for identifier "this" which is in register $eax
(gdb) down 1
#0  0x0040efc6 in _Unwind_SjLj_Register ()
    at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
(gdb) c
Continuing.

Watchpoint 3 deleted because the program has left the block in
which its expression is valid.
0x610892bf in pthread_getspecific () from /usr/bin/cygwin1.dll
(gdb) finish
Run till exit from #0  0x610892bf in pthread_getspecific ()
   from /usr/bin/cygwin1.dll
0x610a4600 in cygwin1!__getreent () from /usr/bin/cygwin1.dll
(gdb) finish
Run till exit from #0  0x610a4600 in cygwin1!__getreent ()
   from /usr/bin/cygwin1.dll

Program received signal SIGSEGV, Segmentation fault.
0x00424202 in std::string::_Rep::_M_grab(std::allocator<char> const&,
std::alloc
ator<char> const&) () at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
(gdb) bt
#0  0x00424202 in std::string::_Rep::_M_grab(std::allocator<char> const&,
std::a
llocator<char> const&) () at /usr/include/c++/3.3.1/istream:401
#1  0x004259dc in std::string::string(std::string const&) ()
    at /usr/include/c++/3.3.1/istream:401
#2  0x0043209e in __gnu_cxx::__normal_iterator<Team*, std::vector<Team,
std::all
ocator<Team> > >
std::__uninitialized_copy_aux<__gnu_cxx::__normal_iterator<Team
*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Team
*, std::vector<Team, std::allocator<Team> > >
>(__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >, __false_type) (__first=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0x6114ea44}, __last=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0xa0426c0}, __result=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0x22040008})
    at /usr/include/c++/3.3.1/bits/stl_construct.h:78
#3  0x0042f5fd in std::vector<Team, std::allocator<Team>
>::_M_insert_aux(__gnu_
cxx::__normal_iterator<Team*, std::vector<Team, std::allocator<Team> > >,
Team c
onst&) (this=0xa041cd8, __position=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0xa0426c0}, __x=@0x22ec50)
    at /usr/include/c++/3.3.1/bits/stl_uninitialized.h:109
---Type <return> to continue, or q <return> to quit---
#4  0x0042fa05 in std::vector<Team, std::allocator<Team> >::push_back(Team
const
&) (this=0xa041cd8, __x=@0x22ec50)
    at /usr/include/c++/3.3.1/bits/stl_vector.h:603
#5  0x00401402 in League::add_team(std::string) (this=0xa041cd8,
    team_name=@0x22ee40) at league_add_team.cpp:9
#6  0x00402257 in for_loop_body(League*) (h_loaded_league=0xa041cd8)
    at main.cpp:35
#7  0x00401e3c in main () at main.cpp:15
(gdb)
--snipped--
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00424202 in std::string::_Rep::_M_grab(std::allocator<char> const&,
std::alloc
ator<char> const&) () at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
(gdb) disassemble
Dump of assembler code for function _ZNSs4_Rep7_M_grabERKSaIcES2_:
0x004241fc <_ZNSs4_Rep7_M_grabERKSaIcES2_+0>:   push   %ebp
0x004241fd <_ZNSs4_Rep7_M_grabERKSaIcES2_+1>:   mov    %esp,%ebp
0x004241ff <_ZNSs4_Rep7_M_grabERKSaIcES2_+3>:   mov    0x8(%ebp),%edx
0x00424202 <_ZNSs4_Rep7_M_grabERKSaIcES2_+6>:   mov    0x8(%edx),%eax
0x00424205 <_ZNSs4_Rep7_M_grabERKSaIcES2_+9>:   shr    $0x1f,%eax
0x00424208 <_ZNSs4_Rep7_M_grabERKSaIcES2_+12>:  test   %al,%al
0x0042420a <_ZNSs4_Rep7_M_grabERKSaIcES2_+14>:  jne    0x42421c
<_ZNSs4_Rep7_M_g
rabERKSaIcES2_+32>
0x0042420c <_ZNSs4_Rep7_M_grabERKSaIcES2_+16>:  lock addl $0x1,0x8(%edx)
0x00424211 <_ZNSs4_Rep7_M_grabERKSaIcES2_+21>:  pop    %ebp
0x00424212 <_ZNSs4_Rep7_M_grabERKSaIcES2_+22>:  lea    0xc(%edx),%eax
0x00424215 <_ZNSs4_Rep7_M_grabERKSaIcES2_+25>:  ret
0x00424216 <_ZNSs4_Rep7_M_grabERKSaIcES2_+26>:  lea    0x0(%esi),%esi
0x0042421c <_ZNSs4_Rep7_M_grabERKSaIcES2_+32>:  movl   $0x0,0x10(%ebp)
0x00424223 <_ZNSs4_Rep7_M_grabERKSaIcES2_+39>:  pop    %ebp
0x00424224 <_ZNSs4_Rep7_M_grabERKSaIcES2_+40>:  jmp    0x42422c
<_ZNSs4_Rep8_M_c
loneERKSaIcEj>
0x00424229 <_ZNSs4_Rep7_M_grabERKSaIcES2_+45>:  nop
0x0042422a <_ZNSs4_Rep7_M_grabERKSaIcES2_+46>:  nop
0x0042422b <_ZNSs4_Rep7_M_grabERKSaIcES2_+47>:  nop
End of assembler dump.
--snipped--
(gdb) print/ux 8 + $edx
$4 = 0xfffffffc
(gdb) print *(8 + $edx)
Cannot access memory at address 0xfffffffc
(gdb) bt
#0  0x00424202 in std::string::_Rep::_M_grab(std::allocator<char> const&,
std::a
llocator<char> const&) () at /usr/include/c++/3.3.1/istream:401
#1  0x004259dc in std::string::string(std::string const&) ()
    at /usr/include/c++/3.3.1/istream:401
#2  0x0043209e in __gnu_cxx::__normal_iterator<Team*, std::vector<Team,
std::all
ocator<Team> > >
std::__uninitialized_copy_aux<__gnu_cxx::__normal_iterator<Team
*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Team
*, std::vector<Team, std::allocator<Team> > >
>(__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >,
__gnu_cxx::__normal_iterator<Tea
m*, std::vector<Team, std::allocator<Team> > >, __false_type) (__first=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0x6114ea44}, __last=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0xa0426c0}, __result=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0x22040008})
    at /usr/include/c++/3.3.1/bits/stl_construct.h:78
#3  0x0042f5fd in std::vector<Team, std::allocator<Team>
>::_M_insert_aux(__gnu_
cxx::__normal_iterator<Team*, std::vector<Team, std::allocator<Team> > >,
Team c
onst&) (this=0xa041cd8, __position=
      {<iterator<std::random_access_iterator_tag,Team,int,Team*,Team&>> =
{<No d
ata fields>}, _M_current = 0xa0426c0}, __x=@0x22ec50)
    at /usr/include/c++/3.3.1/bits/stl_uninitialized.h:109
---Type <return> to continue, or q <return> to quit---
#4  0x0042fa05 in std::vector<Team, std::allocator<Team> >::push_back(Team
const
&) (this=0xa041cd8, __x=@0x22ec50)
    at /usr/include/c++/3.3.1/bits/stl_vector.h:603
#5  0x00401402 in League::add_team(std::string) (this=0xa041cd8,
    team_name=@0x22ee40) at league_add_team.cpp:9
#6  0x00402257 in for_loop_body(League*) (h_loaded_league=0xa041cd8)
    at main.cpp:35
#7  0x00401e3c in main () at main.cpp:15
(gdb)
--snipped--
(gdb) disassemble
Dump of assembler code for function _ZNSsC1ERKSs:
0x0042597c <_ZNSsC1ERKSs+0>:    push   %ebp
0x0042597d <_ZNSsC1ERKSs+1>:    mov    %esp,%ebp
0x0042597f <_ZNSsC1ERKSs+3>:    lea    0xffffffe8(%ebp),%eax
0x00425982 <_ZNSsC1ERKSs+6>:    sub    $0x88,%esp
0x00425988 <_ZNSsC1ERKSs+12>:   mov    %eax,0xffffffac(%ebp)
0x0042598b <_ZNSsC1ERKSs+15>:   lea    0xffffff8c(%ebp),%eax
0x0042598e <_ZNSsC1ERKSs+18>:   mov    %eax,(%esp,1)
0x00425991 <_ZNSsC1ERKSs+21>:   mov    %ebx,0xfffffff4(%ebp)
0x00425994 <_ZNSsC1ERKSs+24>:   mov    %esi,0xfffffff8(%ebp)
0x00425997 <_ZNSsC1ERKSs+27>:   mov    %edi,0xfffffffc(%ebp)
0x0042599a <_ZNSsC1ERKSs+30>:   movl   $0x405a90,0xffffffa4(%ebp)
0x004259a1 <_ZNSsC1ERKSs+37>:   movl   $0x43465c,0xffffffa8(%ebp)
0x004259a8 <_ZNSsC1ERKSs+44>:   movl   $0x425a0c,0xffffffb0(%ebp)
0x004259af <_ZNSsC1ERKSs+51>:   mov    %esp,0xffffffb4(%ebp)
0x004259b2 <_ZNSsC1ERKSs+54>:   call   0x40ef90 <_Unwind_SjLj_Register>
0x004259b7 <_ZNSsC1ERKSs+59>:   mov    0xc(%ebp),%eax
0x004259ba <_ZNSsC1ERKSs+62>:   lea    0xffffffc8(%ebp),%edx
0x004259bd <_ZNSsC1ERKSs+65>:   lea    0xffffffb8(%ebp),%ecx
0x004259c0 <_ZNSsC1ERKSs+68>:   mov    (%eax),%eax
0x004259c2 <_ZNSsC1ERKSs+70>:   mov    %edx,0x8(%esp,1)
0x004259c6 <_ZNSsC1ERKSs+74>:   mov    %ecx,0x4(%esp,1)
0x004259ca <_ZNSsC1ERKSs+78>:   sub    $0xc,%eax
0x004259cd <_ZNSsC1ERKSs+81>:   mov    %eax,(%esp,1)
---Type <return> to continue, or q <return> to quit---
0x004259d0 <_ZNSsC1ERKSs+84>:   movl   $0x1,0xffffff90(%ebp)
0x004259d7 <_ZNSsC1ERKSs+91>:   call   0x4241fc
<_ZNSs4_Rep7_M_grabERKSaIcES2_>
0x004259dc <_ZNSsC1ERKSs+96>:   mov    %eax,0x4(%esp,1)
0x004259e0 <_ZNSsC1ERKSs+100>:  lea    0xffffffd8(%ebp),%edx
0x004259e3 <_ZNSsC1ERKSs+103>:  mov    0x8(%ebp),%eax
0x004259e6 <_ZNSsC1ERKSs+106>:  mov    %edx,0x8(%esp,1)
0x004259ea <_ZNSsC1ERKSs+110>:  mov    %eax,(%esp,1)
0x004259ed <_ZNSsC1ERKSs+113>:  call   0x423a5c
<_ZNSs12_Alloc_hiderC1EPcRKSaIcE
>
0x004259f2 <_ZNSsC1ERKSs+118>:  lea    0xffffff8c(%ebp),%eax
0x004259f5 <_ZNSsC1ERKSs+121>:  mov    %eax,(%esp,1)
0x004259f8 <_ZNSsC1ERKSs+124>:  call   0x40f000 <_Unwind_SjLj_Unregister>
0x004259fd <_ZNSsC1ERKSs+129>:  mov    0xfffffff4(%ebp),%ebx
0x00425a00 <_ZNSsC1ERKSs+132>:  mov    0xfffffff8(%ebp),%esi
0x00425a03 <_ZNSsC1ERKSs+135>:  mov    0xfffffffc(%ebp),%edi
0x00425a06 <_ZNSsC1ERKSs+138>:  mov    %ebp,%esp
0x00425a08 <_ZNSsC1ERKSs+140>:  pop    %ebp
0x00425a09 <_ZNSsC1ERKSs+141>:  ret
0x00425a0a <_ZNSsC1ERKSs+142>:  mov    %esi,%esi
0x00425a0c <_ZNSsC1ERKSs+144>:  add    $0x18,%ebp
0x00425a0f <_ZNSsC1ERKSs+147>:  movl   $0xffffffff,0xffffff90(%ebp)
0x00425a16 <_ZNSsC1ERKSs+154>:  mov    0xffffff94(%ebp),%eax
0x00425a19 <_ZNSsC1ERKSs+157>:  mov    %eax,(%esp,1)
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) break *0x4259d7
Breakpoint 7 at 0x4259d7: file /usr/include/c++/3.3.1/istream, line 401.
(gdb) c
Continuing.

Breakpoint 7, 0x004259d7 in std::string::string(std::string const&) ()
    at /usr/include/c++/3.3.1/istream:401
401           { return this->getline(__s, __n, this->widen('\n')); }
--snipped--
(gdb) x/20xw $esp
0x22e9a0:       0x61124218      0x0022e9e0      0x0022e9f0      0x610a92ed
0x22e9b0:       0x0a051ce8      0x0022ea70      0x00000001      0x610a9387
0x22e9c0:       0x0a051ce8      0x61005ac0      0x610f3060      0x00405a90
0x22e9d0:       0x0043465c      0x0022ea10      0x00425a0c      0x0022e9a0
0x22e9e0:       0x0022ea10      0x61005ac0      0x610f3060      0x610a79eb
(gdb) print $eip
$1 = (void *) 0x4259d7
(gdb) print *0x61124218
$2 = 0
(gdb)
--snipped--
--debugging log ends--
--version information starts here--
$ gcc -v
Reading specs from /usr/lib/gcc-lib/i686-pc-cygwin/3.3.1/specs
Configured with:
/GCC/gcc-3.3.1-3/configure --with-gcc --with-gnu-ld --with-gnu-
as --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --libdir=/usr/lib --li
bexe
cdir=/usr/sbin --mandir=/usr/share/man --infodir=/usr/share/info --enable-la
ngua
ges=c,ada,c++,f77,pascal,java,objc --enable-libgcj --enable-threads=posix --
with
-system-zlib --enable-nls --without-included-gettext --enable-interpreter --
enab
le-sjlj-exceptions --disable-version-specific-runtime-libs --enable-shared -
-dis
able-win32-registry --enable-java-gc=boehm --disable-hash-synchronization --
verb
ose --target=i686-pc-cygwin --host=i686-pc-cygwin --build=i686-pc-cygwin
Thread model: posix
gcc version 3.3.1 (cygming special)
--version information ends--
--compiler cmd line+output starts here--
Lucas@your-xu5v9frokn ~/lessons/leaguestats
$ gcc -save-temps -fno-elide-constructors -gstabs+3 -c team_add_game.cpp

--compiler cmd line+output ends--

Lucas

[-- Attachment #2: team_add_game.ii.bz2 --]
[-- Type: application/octet-stream, Size: 74203 bytes --]

Re: SEGV in libstdc++-v3 caused when fn attached is called the second time...

[Jim Wilson]

The Thodes wrote:
> The attached .ii file, when compiled and linked with support code that calls
> it twice with valid args both times, causes a SEGV in libstdc++-v3's _M_grab
> implementation...

Bugs should be reported into our bugzilla database rather than sent to 
gcc-bugs.  We do not track bugs reported by email, so you are more 
likely to get a useful answer if you file it into bugzilla.  See
     http://gcc.gnu.org/bugs.html
for more info on reporting bugs.

This does not seem to be a complete testcase.  I get a linker error for 
an undefined main function when I compile it.  If we can't reproduce the 
problem you reported, then we won't be able to look at it.

It isn't clear if there is any useful info in the gdb output you 
included.  You haven't annotated any of it, so it is hard to tell what 
it is for.  Was there something specific you were trying to demonstrate 
in the gdb output?
-- 
Jim Wilson, GNU Tools Support, http://www.SpecifixInc.com

Re: SEGV in libstdc++-v3 caused when fn attached is called the second time...

[The Thodes]

The program that triggers this bug consists of about 15 source files...
Should I attach them all? (In a new bug report, of course)  And, I forgot my
Bugzilla passwd.  D'oh!
----- Original Message ----- 
From: "Jim Wilson" <wilson@specifixinc.com>
To: "The Thodes" <aspiesrule@mcleodusa.net>
Cc: <gcc-bugs@gcc.gnu.org>
Sent: Tuesday, June 08, 2004 2:54 AM
Subject: Re: SEGV in libstdc++-v3 caused when fn attached is called the
second time...


> The Thodes wrote:
> > The attached .ii file, when compiled and linked with support code that
calls
> > it twice with valid args both times, causes a SEGV in libstdc++-v3's
_M_grab
> > implementation...
>
> Bugs should be reported into our bugzilla database rather than sent to
> gcc-bugs.  We do not track bugs reported by email, so you are more
> likely to get a useful answer if you file it into bugzilla.  See
>      http://gcc.gnu.org/bugs.html
> for more info on reporting bugs.
>
> This does not seem to be a complete testcase.  I get a linker error for
> an undefined main function when I compile it.  If we can't reproduce the
> problem you reported, then we won't be able to look at it.
>
> It isn't clear if there is any useful info in the gdb output you
> included.  You haven't annotated any of it, so it is hard to tell what
> it is for.  Was there something specific you were trying to demonstrate
> in the gdb output?
> -- 
> Jim Wilson, GNU Tools Support, http://www.SpecifixInc.com
>
>
>

Re: SEGV in libstdc++-v3 caused when fn attached is called the second time...

[Jim Wilson]

The Thodes wrote:
> The program that triggers this bug consists of about 15 source files...
> Should I attach them all? (In a new bug report, of course)  And, I forgot my
> Bugzilla passwd.  D'oh!

We would prefer a smaller testcase of course.  If you make it too hard 
for us to reproduce the bug, then it may be the case that no one will 
bother to try.

There is no point in submitting an incomplete testcase though.  So if 
you are submitting a bug, you need to submit everything we need to 
reproduce it.  If the program is too large to include as a testcase, 
then perhaps you could put it on an ftp or web site, and put a URL in 
the bug report.
-- 
Jim Wilson, GNU Tools Support, http://www.SpecifixInc.com