public inbox for gcc-bugs@sourceware.org
* [Bug libstdc++/110549] New: Undefined behavior sanitizer triggered in basic_string::_M_construct that uses iterator overload with input iterator tag
From: vaibhavawale3 at gmail dot com @ 2023-07-04 16:24 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110549
Bug ID: 110549
Summary: Undefined behavior sanitizer triggered in
basic_string::_M_construct that uses iterator overload
with input iterator tag
Product: gcc
Version: 13.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: vaibhavawale3 at gmail dot com
Target Milestone: ---
Created attachment 55467
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55467&action=edit
Source code to reproduce bug. Writes a string to file and reads from file using
istreambuf_iterator.
With the upgrade to gcc-13, I am running into undefined behavior when reading from
a text file using `std::istreambuf_iterator`. The bad behavior is caused by the
check:
```
if (_M_string_length > _S_local_capacity)
  __builtin_unreachable();
```
made in commit
https://github.com/gcc-mirror/gcc/commit/bf78b43873b0b7e8f9a430df38749b8b61f9c9b8
The source code (full file attached) that triggers this __builtin_unreachable()
path is:
```
std::ifstream istream{tempFile};
std::string contents = std::string{std::istreambuf_iterator<char>{istream},
                                   std::istreambuf_iterator<char>{}};
```
In `std::__cxx11::basic_string::_M_construct(_InIterator __beg, _InIterator
__end, std::input_iterator_tag)`, `_M_string_length` is initialized at the end,
but it is used in function `_M_is_local` before it is initialized. This leads to
the undefined behavior complaint.
To reproduce the issue, compile with sanitizer enabled:
```
g++ -g -O2 -Wall -Wextra -fsanitize=undefined string_make.cpp -o string_make
./string_make
```
Output from sanitizer enabled binary:
```
/usr/include/c++/13.1.1/bits/basic_string.h:280:29: runtime error: execution
reached an unreachable program point
#0 0x55e5315ee19b in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::_M_is_local() const
/usr/include/c++/13.1.1/bits/basic_string.h:280
#1 0x55e5315ee19b in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::_M_is_local() const
/usr/include/c++/13.1.1/bits/basic_string.h:275
#2 0x55e5315ee19b in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::_M_dispose()
/usr/include/c++/13.1.1/bits/basic_string.h:295
#3 0x55e5315ee19b in void std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char>
>::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> >
>(std::istreambuf_iterator<char, std::char_traits<char> >,
std::istreambuf_iterator<char, std::char_traits<char> >,
std::input_iterator_tag) /usr/include/c++/13.1.1/bits/basic_string.tcc:200
#4 0x55e5315ee19b in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char>
>::basic_string<std::istreambuf_iterator<char, std::char_traits<char> >,
void>(std::istreambuf_iterator<char, std::char_traits<char> >,
std::istreambuf_iterator<char, std::char_traits<char> >, std::allocator<char>
const&) /usr/include/c++/13.1.1/bits/basic_string.h:766
#5 0x55e5315ee19b in main /host_dir/string_make.cpp:21
#6 0x7f148356e84f (/usr/lib/libc.so.6+0x2384f) (BuildId:
2f005a79cd1a8e385972f5a102f16adba414d75e)
#7 0x7f148356e909 in __libc_start_main (/usr/lib/libc.so.6+0x23909)
(BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e)
#8 0x55e5315efd24 in _start (/host_dir/string_make+0x6d24) (BuildId:
84a1c6cd0213d688554e0a44d2cf01327b106fba)
```
--------------------------------------------------------------------------
GCC version info:
```
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/13.1.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /build/gcc/src/gcc/configure
--enable-languages=ada,c,c++,d,fortran,go,lto,objc,obj-c++ --enable-bootstrap
--prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man
--infodir=/usr/share/info --with-bugurl=https://bugs.archlinux.org/
--with-build-config=bootstrap-lto --with-linker-hash-style=gnu
--with-system-zlib --enable-__cxa_atexit --enable-cet=auto
--enable-checking=release --enable-clocale=gnu --enable-default-pie
--enable-default-ssp --enable-gnu-indirect-function --enable-gnu-unique-object
--enable-libstdcxx-backtrace --enable-link-serialization=1
--enable-linker-build-id --enable-lto --enable-multilib --enable-plugin
--enable-shared --enable-threads=posix --disable-libssp --disable-libstdcxx-pch
--disable-werror
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 13.1.1 20230429 (GCC)
```
--------------------------------------------------------------------------
System info:
```
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
VERSION_ID=20230611.0.157136
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
PRIVACY_POLICY_URL="https://terms.archlinux.org/docs/privacy-policy/"
LOGO=archlinux-logo
```
^ permalink raw reply [flat|nested] 2+ messages in thread
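A stand-alone round-trip check in the shape the report describes (write a string to a file, read it back through `std::istreambuf_iterator`), added here as an example; it is not the reporter's attachment 55467, and the scratch file name, function names and test lengths are assumptions.

```cpp
// Added example, not the attachment from the report.
// Build as the report does, plus -fno-sanitize-recover=undefined so that any
// UBSan report aborts the run instead of only printing:
//   g++ -g -O2 -Wall -Wextra -fsanitize=undefined \
//       -fno-sanitize-recover=undefined example.cpp -o example
#include <cstddef>
#include <cstdio>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>

// Read a whole file through std::string's iterator-pair constructor. With
// istreambuf_iterator this is the input-iterator path named in the report:
// the final length is not known until the stream is exhausted.
std::string read_all(const char* path) {
    std::ifstream in{path, std::ios::binary};
    return std::string{std::istreambuf_iterator<char>{in},
                       std::istreambuf_iterator<char>{}};
}

// Write `text` to a scratch file (assumed name), read it back, clean up.
std::string round_trip(const std::string& text) {
    const char* path = "string_make_example.tmp";
    {
        std::ofstream out{path, std::ios::binary | std::ios::trunc};
        out << text;
    }  // stream closed and flushed here
    std::string back = read_all(path);
    std::remove(path);
    return back;
}

// Constructed inputs: empty, short, and long enough that the string has to
// grow several times while it is being built from the stream.
bool all_lengths_round_trip() {
    const std::size_t lengths[] = {0, 5, 15, 16, 4096};
    for (std::size_t n : lengths) {
        const std::string text(n, 'x');
        if (round_trip(text) != text) return false;
    }
    return true;
}

int main() {
    const bool ok = all_lengths_round_trip();
    std::cout << (ok ? "round trip ok" : "round trip mismatch") << '\n';
    return ok ? 0 : 1;
}
```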
* [Bug libstdc++/110549] Undefined behavior sanitizer triggered in basic_string::_M_construct that uses iterator overload with input iterator tag
From: redi at gcc dot gnu.org @ 2023-07-04 16:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110549
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Fixed a few months ago, you should update your GCC.
*** This bug has been marked as a duplicate of bug 109703 ***
^ permalink raw reply [flat|nested] 2+ messages in thread