[Bug c++/110730] New: STL internal allocation/deallocation might lead to core dump in the use of header units of the modules feature

[Bug c++/110730] New: STL internal allocation/deallocation might lead to core dump in the use of header units of the modules feature

[nishuangcheng at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110730

            Bug ID: 110730
           Summary: STL internal allocation/deallocation might lead to
                    core dump in the use of header units of the modules
                    feature
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: nishuangcheng at gmail dot com
  Target Milestone: ---

---
the exact version of GCC: 14.0.0
---
the system type: Linux, Ubuntu 22.04.2 LTS, x86_64
---
the options given when GCC was configured/built:
--enable-default-pie --enable-host-pie --enable-host-shared
--enable-languages=default,go --enable-threads=posix
--with-multilib-list=m32,m64,mx32
---
the complete command line that triggers the bug and the output:
###test case1###
$ cat module-test.cpp 
import <filesystem>;

int main(int argc, char **argv) {
  return !std::filesystem::exists(argc == 1 ? std::filesystem::current_path()
                                            : argv[1]);
}

$ g++ -std=c++23 -fmodules-ts -Wall -Wextra -x c++-system-header filesystem -x
c++ module-test.cpp -o module-test

$ ./module-test # error
free(): invalid pointer
Aborted (core dumped)

$ ./module-test existing_file # ok

$ echo $?
0

$ ./module-test nonexisting_file # ok

$ echo $?
1

###end of test case1###

###test case2###
$ cat module-test.cpp 
import <filesystem>;
import <iostream>;

int main() {
  std::cout << "PWD: " << std::filesystem::current_path() << std::endl;
  return 0;
}

$ g++ -std=c++23 -fmodules-ts -Wall -Wextra -x c++-system-header filesystem
iostream -x c++ module-test.cpp -o module-test

$ ./module-test # changing the importing order produces the same result
terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
Aborted (core dumped)
###end of test case2###
---
It seems that this is not a mere issue of multiple header-unit compilation
mentioned in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99227, since there is
only one header unit in test case1.
Besides, this is a runtime issue instead of a compile-time one. The problem is
probably related to the <filesystem> header unit. Thus, I only include its
preprocessed file in my attachments.

[Bug c++/110730] STL internal allocation/deallocation might lead to core dump in the use of header units of the modules feature

[ppalka at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110730

Patrick Palka <ppalka at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ryan.burn at gmail dot com

--- Comment #1 from Patrick Palka <ppalka at gcc dot gnu.org> ---
*** Bug 99569 has been marked as a duplicate of this bug. ***

[Bug c++/110730] STL internal allocation/deallocation might lead to core dump in the use of header units of the modules feature

[ppalka at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110730

Patrick Palka <ppalka at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|https://gcc.gnu.org/bugzill |
                   |a/show_bug.cgi?id=99569     |
           Assignee|unassigned at gcc dot gnu.org      |ppalka at gcc dot gnu.org
   Last reconfirmed|                            |2024-03-06
                 CC|                            |ppalka at gcc dot gnu.org
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |ASSIGNED
   Target Milestone|---                         |14.0

[Bug c++/110730] STL internal allocation/deallocation might lead to core dump in the use of header units of the modules feature

[ppalka at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110730

--- Comment #2 from Patrick Palka <ppalka at gcc dot gnu.org> ---
Without modules we end up calling _ZNSt10filesystem12current_pathB5cxx11Ev i.e.
std::filesystem::current_path[abi:cxx11]() and with modules we call
_ZNSt10filesystem12current_pathEv i.e. the non-abi-tagged version.  The abi tag
is getting lost because we don't stream the abi_tag attribute attached to an
inline namespace.

[Bug c++/110730] STL internal allocation/deallocation might lead to core dump in the use of header units of the modules feature

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110730

--- Comment #3 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Patrick Palka <ppalka@gcc.gnu.org>:

https://gcc.gnu.org/g:0552560f6d2eaa1ae6df5c80660b489de1d5c772

commit r14-9372-g0552560f6d2eaa1ae6df5c80660b489de1d5c772
Author: Patrick Palka <ppalka@redhat.com>
Date:   Thu Mar 7 16:23:22 2024 -0500

    c++/modules: inline namespace abi_tag streaming [PR110730]

    The unreduced testcase from PR110730 crashes at runtime ultimately
    because we don't stream the abi_tag attribute on inline namespaces and
    so the filesystem::current_path() call resolves to the non-C++11 ABI
    version even though the C++11 ABI is active, leading to a crash when
    destroying the path temporary (which contains an std::string member).
    Similar story for the PR105512 testcase.

    While we do stream the DECL_ATTRIBUTES of all decls that go through
    the generic tree streaming routines, it seems namespaces are streamed
    separately from other decls and we don't use the generic routines for
    them.  So this patch makes us stream the abi_tag manually for (inline)
    namespaces.

            PR c++/110730
            PR c++/105512

    gcc/cp/ChangeLog:

            * module.cc (module_state::write_namespaces): Stream the
            abi_tag attribute of an inline namespace.
            (module_state::read_namespaces): Likewise.

    gcc/testsuite/ChangeLog:

            * g++.dg/modules/hello-2_a.C: New test.
            * g++.dg/modules/hello-2_b.C: New test.
            * g++.dg/modules/namespace-6_a.H: New test.
            * g++.dg/modules/namespace-6_b.C: New test.

    Reviewed-by: Jason Merrill <jason@redhat.com>

[Bug c++/110730] STL internal allocation/deallocation might lead to core dump in the use of header units of the modules feature

[ppalka at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110730

Patrick Palka <ppalka at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #4 from Patrick Palka <ppalka at gcc dot gnu.org> ---
Fixed for GCC 14, thanks for the bug report.

[Bug c++/110730] STL internal allocation/deallocation might lead to core dump in the use of header units of the modules feature

[nishuangcheng at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110730

--- Comment #5 from Shuangcheng Ni <nishuangcheng at gmail dot com> ---
Thanks for the bug fix. TBH it is hard to pinpoint the issue, as the code
triggers a runtime error rather than a linkage error.