[Bug libstdc++/41448] New: std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[Bug libstdc++/41448] New: std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[4ernov at gmail dot com]

I suffer strange segfault in program using std::sort on std::vector<float>. The
segfault occures in destructor of sorted std::vector after several sort/clear
cycles. The values to reproduce the crash is actually decoded audio. I'm so
sorry, I can't evaluate the proper sequence of bad values so I've uploaded the
whole chunk here: http://downmusic.ru/test1 (110 mb sorry but i found no better
way...) I know it's not the ideal way but maybe it helps.

As far as I found out it is because of NaNs in float vector. Also,
std::stable_sort never leads to crash as I've tested.


-- 
           Summary: std::sort on std::vector<float> with certain values
                    leads to segfault in the vector destructor
           Product: gcc
           Version: 4.3.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: 4ernov at gmail dot com
 GCC build triplet: x86_64-unknown-linux-gnu
  GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: x86_64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[4ernov at gmail dot com]

------- Comment #1 from 4ernov at gmail dot com  2009-09-23 15:45 -------
Created an attachment (id=18638)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=18638&action=view)
The preprocessed file of the program


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[4ernov at gmail dot com]

------- Comment #3 from 4ernov at gmail dot com  2009-09-23 15:48 -------
Created an attachment (id=18639)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=18639&action=view)
Source code that triggers the bug


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[4ernov at gmail dot com]

------- Comment #2 from 4ernov at gmail dot com  2009-09-23 15:47 -------
Console output of g++ -v -save-temps -o gcc_sort -Wall -lQtCore -DQT_SHARED
-I/usr/include/QtCore gcc_sort.cpp:

Using built-in specs.
Target: x86_64-unknown-linux-gnu
Configured with: ../gcc-4.3.2/configure --prefix=/usr --libexecdir=/usr/lib
--enable-shared --enable-threads=posix --enable-__cxa_atexit
--enable-clocale=gnu --enable-languages=c,c++,fortran,objc,treelang
--disable-multilib --enable-c99 --enable-long-long
Thread model: posix
gcc version 4.3.2 (GCC)
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-o' 'gcc_sort' '-Wall' '-DQT_SHARED'
'-I/usr/include/QtCore' '-shared-libgcc' '-mtune=generic'
 /usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/cc1plus -E -quiet -v
-I/usr/include/QtCore -D_GNU_SOURCE -DQT_SHARED gcc_sort.cpp -mtune=generic
-Wall -fpch-preprocess -o gcc_sort.ii
ignoring nonexistent directory "/usr/local/include"
ignoring nonexistent directory
"/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../x86_64-unknown-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/include/QtCore
 /usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../include/c++/4.3.2

/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../include/c++/4.3.2/x86_64-unknown-linux-gnu

/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../include/c++/4.3.2/backward
 /usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/include
 /usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/include-fixed
 /usr/include
End of search list.
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-o' 'gcc_sort' '-Wall' '-DQT_SHARED'
'-I/usr/include/QtCore' '-shared-libgcc' '-mtune=generic'
 /usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/cc1plus -fpreprocessed gcc_sort.ii
-quiet -dumpbase gcc_sort.cpp -mtune=generic -auxbase gcc_sort -Wall -version
-o gcc_sort.s
GNU C++ (GCC) version 4.3.2 (x86_64-unknown-linux-gnu)
        compiled by GNU C version 4.3.2, GMP version 4.2.4, MPFR version 2.3.2.
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 181aa37d41253b88eaf3c45c4486e83b
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-o' 'gcc_sort' '-Wall' '-DQT_SHARED'
'-I/usr/include/QtCore' '-shared-libgcc' '-mtune=generic'
 as -V -Qy -o gcc_sort.o gcc_sort.s
GNU assembler version 2.18 (x86_64-unknown-linux-gnu) using BFD version (GNU
Binutils) 2.18
COMPILER_PATH=/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/:/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/:/usr/lib/gcc/x86_64-unknown-linux-gnu/:/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/:/usr/lib/gcc/x86_64-unknown-linux-gnu/:/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/:/usr/lib/gcc/x86_64-unknown-linux-gnu/
LIBRARY_PATH=/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/:/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/:/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../lib/:/lib/../lib/:/usr/lib/../lib/:/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../:/lib/:/usr/lib/
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-o' 'gcc_sort' '-Wall' '-DQT_SHARED'
'-I/usr/include/QtCore' '-shared-libgcc' '-mtune=generic'
 /usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/collect2 --eh-frame-hdr -m
elf_x86_64 -dynamic-linker /lib/ld-linux-x86-64.so.2 -o gcc_sort
/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../lib/crt1.o
/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../lib/crti.o
/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/crtbegin.o
-L/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2
-L/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2
-L/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../lib -L/lib/../lib
-L/usr/lib/../lib -L/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../..
-lQtCore gcc_sort.o -lstdc++ -lm -lgcc_s -lgcc -lc -lgcc_s -lgcc
/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/crtend.o
/usr/lib/gcc/x86_64-unknown-linux-gnu/4.3.2/../../../../lib/crtn.o


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[pinskia at gcc dot gnu dot org]

------- Comment #4 from pinskia at gcc dot gnu dot org  2009-09-23 15:57 -------
I don't think this is a bug as the comparison function causes an unstable sort
as NaNs are special and are unordered :).


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[4ernov at gmail dot com]

------- Comment #5 from 4ernov at gmail dot com  2009-09-23 16:04 -------
Oh, I've tried to find info how the implementation manages NaNs but didn't find
any clear info. So is it the expected behavior? And is it safe to use
std::stable_sort for vectors with NaNs or I was just lucky?

Actually, NaNs in the flow is an error in my program which I fixed, but I
decided to save the faulty state to file the report.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[pinskia at gcc dot gnu dot org]

------- Comment #6 from pinskia at gcc dot gnu dot org  2009-09-23 16:13 -------
so in floating point world, NaNs are considered unordered that is X == NaN is
always false for all values of  X including NaNs itself, likewise for >, <, <=,
 and >=.  X != NaN is always true for all values of X including NaNs itself.

So NaNs will cause weird stuff to happen because it is always unordered.

Complex numbers are also considered unordered too :)


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[4ernov at gmail dot com]

------- Comment #7 from 4ernov at gmail dot com  2009-09-24 18:39 -------
Is there anything in C++ Standard concerning this case?
Maybe it's more preferrable to throw exception or something like this.. Now it
seems to make memory leak in the operated vector.

The output is like this:
*** glibc detected *** /usr/local/share/workspace/playground/gcc_sort:
munmap_chunk(): invalid pointer: 0x0000000001d2c550 ***
*** glibc detected *** /usr/local/share/workspace/playground/gcc_sort:
malloc(): memory corruption: 0x0000000001d2bca0 ***


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[chris at bubblescope dot net]

------- Comment #8 from chris at bubblescope dot net  2009-09-29 11:04 -------
Just to clarify, it is not a memory leak which is occurring, it is memory
corruption. Basically when std::sort is given a type which is not totally
ordered as required, it tends to corrupt the memory immediately before and
after the given array. There are a few ways in which this could be detected,
but if it was detected it's not obvious what the behaviour should then be, and
obviously it would (slightly) slow down std::sort when given 'correct' types.


-- 

chris at bubblescope dot net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chris at bubblescope dot net


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[paolo dot carlini at oracle dot com]

------- Comment #9 from paolo dot carlini at oracle dot com  2009-09-29 11:55 -------
In C++03 this is not a bug. However, I seem to vaguely remember a recent
discussion in the committee (basing on either a paper or a DR) about
comparisons of floats, if somebody can find a reference I would appreciate
it...


-- 

paolo dot carlini at oracle dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448

[Bug libstdc++/41448] std::sort on std::vector<float> with certain values leads to segfault in the vector destructor

[4ernov at gmail dot com]

------- Comment #10 from 4ernov at gmail dot com  2009-10-02 08:41 -------
Yeah, I see..
But anyway, thank you for discussing it.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41448