public inbox for gcc-bugs@sourceware.org
* [Bug libstdc++/48917] New: istringstream with integer overflow causes uninitialised memory accesses
From: rhl at astro dot princeton.edu @ 2011-05-06 13:44 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48917
Summary: istringstream with integer overflow causes
uninitialised memory accesses
Product: gcc
Version: 4.2.1
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: libstdc++
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: rhl@astro.princeton.edu
Created attachment 24200
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24200
Source code to reproduce the problem
The attached program, if run on a machine with 32-bit ints (e.g. my macbook
pro, but also linux boxes) causes valgrind to report memory problems. The
problem is avoided by declaring n long if sizeof(long) == 8 which suggests an
overflow issue.
N.b. while the g++ version is 4.2.1, the libstdc++ appears to be 6.0.9
Run as
g++ -o badFormat badFormat.cc -Wall -g && valgrind badFormat
(N.b. the error persists compiling with clang++, but using libstdc++)
Errors:
g++ -o badFormat badFormat.cc -Wall -g && valgrind badFormat
==14920== Memcheck, a memory error detector
==14920== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==14920== Using Valgrind-3.7.0.SVN and LibVEX; rerun with -h for copyright info
==14920== Command: badFormat
==14920==
==14920== Conditional jump or move depends on uninitialised value(s)
==14920== at 0x10004632E: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x100000B9D: main (badFormat.cc:8)
==14920==
==14920== Use of uninitialised value of size 8
==14920== at 0x10003F3E0: int std::__int_to_char<char, unsigned long>(char*,
unsigned long, char const*, std::_Ios_Fmtflags, bool) (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x100046358: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x100000B9D: main (badFormat.cc:8)
==14920==
==14920== Conditional jump or move depends on uninitialised value(s)
==14920== at 0x10003F3EE: int std::__int_to_char<char, unsigned long>(char*,
unsigned long, char const*, std::_Ios_Fmtflags, bool) (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x100046358: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x100000B9D: main (badFormat.cc:8)
==14920==
==14920== Conditional jump or move depends on uninitialised value(s)
==14920== at 0x1000463C1: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x100000B9D: main (badFormat.cc:8)
==14920==
==14920== Conditional jump or move depends on uninitialised value(s)
==14920== at 0x1000463D6: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920== by 0x100000B9D: main (badFormat.cc:8)
==14920==
0
==14920==
==14920== HEAP SUMMARY:
==14920== in use at exit: 4,184 bytes in 2 blocks
==14920== total heap usage: 4 allocs, 2 frees, 4,256 bytes allocated
==14920==
==14920== LEAK SUMMARY:
==14920== definitely lost: 0 bytes in 0 blocks
==14920== indirectly lost: 0 bytes in 0 blocks
==14920== possibly lost: 0 bytes in 0 blocks
==14920== still reachable: 4,184 bytes in 2 blocks
==14920== suppressed: 0 bytes in 0 blocks
==14920== Rerun with --leak-check=full to see details of leaked memory
==14920==
==14920== For counts of detected and suppressed errors, rerun with: -v
==14920== Use --track-origins=yes to see where uninitialised values come from
==14920== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
* [Bug libstdc++/48917] istringstream with integer overflow causes uninitialised memory accesses
From: paolo.carlini at oracle dot com @ 2011-05-06 13:54 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48917
Paolo Carlini <paolo.carlini at oracle dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
      Known to work|                            |4.5.3, 4.6.0, 4.7.0
         Resolution|                            |WORKSFORME
           Severity|major                       |normal
--- Comment #1 from Paolo Carlini <paolo.carlini at oracle dot com> 2011-05-06 13:51:07 UTC ---
Everything is fine in the active branches.
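Added example, not the attachment from the report (its source is not on this page) and not libstdc++ code: a defensive way to read an int through istringstream so that an overflowing value can never reach a later read or print as an indeterminate value. It assumes the reproducer extracted an out-of-range number into an uninitialised int n and then printed n; parse_int and ParseStatus are hypothetical names, and the sample inputs are constructed.

```cpp
#include <iostream>
#include <limits>
#include <sstream>
#include <string>

enum ParseStatus { PARSE_OK, PARSE_BAD_INPUT, PARSE_OUT_OF_RANGE };

// Hypothetical helper (not from the bug report or libstdc++): parse `text`
// as an int without ever leaving `out` indeterminate.
ParseStatus parse_int(const std::string& text, int& out)
{
    out = 0;                 // defined on every path, including failure
    long long wide = 0;      // initialised: C++98/03 leave it untouched on failure
    std::istringstream iss(text);

    if (!(iss >> wide)) {
        // C++11 and later store the limit on overflow and 0 when no digits
        // were read; an older library reports both cases as PARSE_BAD_INPUT.
        if (wide == std::numeric_limits<long long>::max() ||
            wide == std::numeric_limits<long long>::min())
            return PARSE_OUT_OF_RANGE;
        return PARSE_BAD_INPUT;
    }
    char extra;
    if (iss >> extra)        // anything but trailing whitespace is rejected
        return PARSE_BAD_INPUT;
    if (wide > std::numeric_limits<int>::max() ||
        wide < std::numeric_limits<int>::min())
        return PARSE_OUT_OF_RANGE;

    out = static_cast<int>(wide);
    return PARSE_OK;
}

int main()
{
    // Constructed inputs; 4294967296 is too large for a 32-bit int.
    const char* samples[] = { "42", "4294967296", "12abc", "" };
    for (int i = 0; i < 4; ++i) {
        int n;               // safe to leave unset: parse_int always assigns it
        ParseStatus s = parse_int(samples[i], n);
        std::cout << '"' << samples[i] << "\" -> status " << s
                  << ", n = " << n << '\n';
    }
    return 0;
}
```

Extracting into a wider type and range-checking afterwards follows the reporter's observation that a 64-bit n avoids the problem, while the status return forces the caller to notice the rejected input.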