public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
@ 2020-10-14 10:08 chfast at gmail dot com
2020-10-14 13:27 ` [Bug libstdc++/97415] " redi at gcc dot gnu.org
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: chfast at gmail dot com @ 2020-10-14 10:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
Bug ID: 97415
Summary: Invalid pointer comparison in stringbuf::str()
(reported by pointer-compare AddressSanitizer)
Product: gcc
Version: 10.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: chfast at gmail dot com
Target Milestone: ---
When my application is instrumented with -fsanitize=address,pointer-compare
and running under ASAN_OPTIONS=detect_invalid_pointer_pairs=2,
I get for following failure in basic_stringbuf::str()
==3879==ERROR: AddressSanitizer: invalid-pointer-pair: 0x7ffcdf273b66
0x000000000000
#0 0x5597a6c6d786 in std::__cxx11::basic_stringbuf<char,
std::char_traits<char>, std::allocator<char> >::str() const
/usr/include/c++/10/sstream:184
#1 0x5597a6c6d786 in std::__cxx11::basic_ostringstream<char,
std::char_traits<char>, std::allocator<char> >::str() const
/usr/include/c++/10/sstream:678
#2 0x5597a6c6d786 in std::basic_ostream<char, std::char_traits<char> >&
std::__detail::operator<< <char, std::char_traits<char>,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >
const&>(std::basic_ostream<char, std::char_traits<char> >&,
std::__detail::_Quoted_string<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, char> const&)
/usr/include/c++/10/bits/quoted_string.h:130
#3 0x5597a6c6d786 in std::basic_ostream<char, std::char_traits<char> >&
std::filesystem::__cxx11::operator<< <char, std::char_traits<char>
>(std::basic_ostream<char, std::char_traits<char> >&,
std::filesystem::__cxx11::path const&) /usr/include/c++/10/bits/fs_path.h:441
#4 0x5597a6c6d786 in log_total
/home/builder/project/test/spectests/spectests.cpp:675
#5 0x5597a6c48939 in run_tests_from_dir
/home/builder/project/test/spectests/spectests.cpp:708
#6 0x5597a6c48939 in main
/home/builder/project/test/spectests/spectests.cpp:750
Here is the implementation of basic_stringbuf::str() used for compilation:
__string_type
str() const
{
__string_type __ret(_M_string.get_allocator());
if (this->pptr())
{
// The current egptr() may not be the actual string end.
if (this->pptr() > this->egptr())
__ret.assign(this->pbase(), this->pptr());
else
__ret.assign(this->pbase(), this->egptr());
}
else
__ret = _M_string;
return __ret;
}
In the line `if (this->pptr() > this->egptr())`,
the `this->egptr()` may be nullptr and therefore AddressSanitizer complains
about this comparison.
I don't have handy repro code for the issue, but I can try to build one if
desired.
GCC version: cpp (Debian 10.2.0-15) 10.2.0
^ permalink raw reply [flat|nested] 9+ messages in thread* [Bug libstdc++/97415] Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
@ 2020-10-14 13:27 ` redi at gcc dot gnu.org
2020-10-14 13:33 ` redi at gcc dot gnu.org
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2020-10-14 13:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2020-10-14
Ever confirmed|0 |1
--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
This should reproduce it, but doesn't for some reason:
#include <bits/c++config.h>
#undef _GLIBCXX_EXTERN_TEMPLATE
#include <sstream>
int main()
{
std::ostringstream s;
s << ".";
return s.str().length();
}
^ permalink raw reply [flat|nested] 9+ messages in thread* [Bug libstdc++/97415] Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
2020-10-14 13:27 ` [Bug libstdc++/97415] " redi at gcc dot gnu.org
@ 2020-10-14 13:33 ` redi at gcc dot gnu.org
2020-10-14 14:10 ` redi at gcc dot gnu.org
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2020-10-14 13:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Oh, it does if I spell the environment variable correctly.
^ permalink raw reply [flat|nested] 9+ messages in thread* [Bug libstdc++/97415] Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
2020-10-14 13:27 ` [Bug libstdc++/97415] " redi at gcc dot gnu.org
2020-10-14 13:33 ` redi at gcc dot gnu.org
@ 2020-10-14 14:10 ` redi at gcc dot gnu.org
2020-10-14 17:56 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2020-10-14 14:10 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at gcc dot gnu.org |redi at gcc dot gnu.org
^ permalink raw reply [flat|nested] 9+ messages in thread* [Bug libstdc++/97415] Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
` (2 preceding siblings ...)
2020-10-14 14:10 ` redi at gcc dot gnu.org
@ 2020-10-14 17:56 ` cvs-commit at gcc dot gnu.org
2020-10-15 11:32 ` redi at gcc dot gnu.org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-10-14 17:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jonathan Wakely <redi@gcc.gnu.org>:
https://gcc.gnu.org/g:78198b6021a9695054dab039340202170b88423c
commit r11-3889-g78198b6021a9695054dab039340202170b88423c
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Wed Oct 14 18:55:14 2020 +0100
libstdc++: Fix unspecified comparison to null pointer [PR 97415]
The standard doesn't guarantee that null pointers compare less than
non-null pointers. AddressSanitizer complains about the pptr()> egptr()
comparison in basic_stringbuf::str() when egptr() is null.
libstdc++-v3/ChangeLog:
PR libstdc++/97415
* include/std/sstream (basic_stringbuf::str()): Check for
null egptr() before comparing to non-null pptr().
^ permalink raw reply [flat|nested] 9+ messages in thread* [Bug libstdc++/97415] Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
` (3 preceding siblings ...)
2020-10-14 17:56 ` cvs-commit at gcc dot gnu.org
@ 2020-10-15 11:32 ` redi at gcc dot gnu.org
2020-10-15 15:29 ` marxin at gcc dot gnu.org
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2020-10-15 11:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Fixed on trunk so far. I'm undecided whether it needs to be backported.
Although the comparison with null is formally unspecified, I think all the
compilers we support behave as expected.
^ permalink raw reply [flat|nested] 9+ messages in thread* [Bug libstdc++/97415] Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
` (4 preceding siblings ...)
2020-10-15 11:32 ` redi at gcc dot gnu.org
@ 2020-10-15 15:29 ` marxin at gcc dot gnu.org
2020-10-15 17:03 ` redi at gcc dot gnu.org
2020-11-10 19:41 ` cvs-commit at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-10-15 15:29 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
--- Comment #5 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #4)
> Fixed on trunk so far. I'm undecided whether it needs to be backported.
> Although the comparison with null is formally unspecified, I think all the
> compilers we support behave as expected.
I wouldn't backport it as pointer-compare is quite experimental feature of the
AddressSanitizer.
^ permalink raw reply [flat|nested] 9+ messages in thread* [Bug libstdc++/97415] Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
` (5 preceding siblings ...)
2020-10-15 15:29 ` marxin at gcc dot gnu.org
@ 2020-10-15 17:03 ` redi at gcc dot gnu.org
2020-11-10 19:41 ` cvs-commit at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2020-10-15 17:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
Target Milestone|--- |11.0
--- Comment #6 from Jonathan Wakely <redi at gcc dot gnu.org> ---
OK thanks, let's call it done then.
^ permalink raw reply [flat|nested] 9+ messages in thread* [Bug libstdc++/97415] Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer)
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
` (6 preceding siblings ...)
2020-10-15 17:03 ` redi at gcc dot gnu.org
@ 2020-11-10 19:41 ` cvs-commit at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-11-10 19:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97415
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jonathan Wakely <redi@gcc.gnu.org>:
https://gcc.gnu.org/g:ced70ebaa372945ec8d73703d81e4a10d6d51c9b
commit r11-4887-gced70ebaa372945ec8d73703d81e4a10d6d51c9b
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Tue Nov 10 15:46:02 2020 +0000
libstdc++: Fix more unspecified comparisons to null pointer [PR 97415]
This adds some more null checks to avoid a relational comparison with a
null pointer, similar to 78198b6021a9695054dab039340202170b88423c.
libstdc++-v3/ChangeLog:
PR libstdc++/97415
* include/std/sstream (basic_stringbuf::_M_update_egptr)
(basic_stringbuf::__xfer_bufptrs::__xfer_bufptrs): Check for
null before comparing pointers.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-11-10 19:41 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-14 10:08 [Bug libstdc++/97415] New: Invalid pointer comparison in stringbuf::str() (reported by pointer-compare AddressSanitizer) chfast at gmail dot com
2020-10-14 13:27 ` [Bug libstdc++/97415] " redi at gcc dot gnu.org
2020-10-14 13:33 ` redi at gcc dot gnu.org
2020-10-14 14:10 ` redi at gcc dot gnu.org
2020-10-14 17:56 ` cvs-commit at gcc dot gnu.org
2020-10-15 11:32 ` redi at gcc dot gnu.org
2020-10-15 15:29 ` marxin at gcc dot gnu.org
2020-10-15 17:03 ` redi at gcc dot gnu.org
2020-11-10 19:41 ` cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).