public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/98001] New: ext/stdio_filebuf/char/79820.cc is broken
Date: Thu, 26 Nov 2020 08:48:05 +0000 [thread overview]
Message-ID: <bug-98001-4@http.gcc.gnu.org/bugzilla/> (raw)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98001
Bug ID: 98001
Summary: ext/stdio_filebuf/char/79820.cc is broken
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: rguenth at gcc dot gnu.org
Target Milestone: ---
The testcase reliably segfaults for me when run with
MALLOC_PERTURB_=69
MALLOC_CHECK_=3
in the environment. It then segfaults doing
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff74ec5bb in fflush () from /lib64/libc.so.6
(gdb) up
#1 0x00007ffff7b06175 in std::__basic_file<char>::sys_open
(this=this@entry=0x7fffffffe678,
__file=__file@entry=0x614c20) at basic_file.cc:202
202 __err = fflush(__file);
(gdb) l
197 {
198 int __err, __save_errno = errno;
199 // POSIX guarantees that fflush sets errno on error, but C
doesn't.
200 errno = 0;
201 do
202 __err = fflush(__file);
203 while (__err && errno == EINTR);
the testcase passes a FILE * that has been fclosed() to the
__gnu_cxx::stdio_filebuf<char> CTOR which then invokes fflush on it.
fclose() is documented as
RETURN VALUE
Upon successful completion, 0 is returned. Otherwise, EOF is returned
and errno is set to indicate the error. In either case, any further
access (including another call to fclose()) to the stream results in
undefined behavior.
so the testcase invokes undefined behavior. I don't think there's any way
to query whether a FILE * is valid or not for the standard library.
next reply other threads:[~2020-11-26 8:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-26 8:48 rguenth at gcc dot gnu.org [this message]
2020-11-26 9:00 ` [Bug libstdc++/98001] " jakub at gcc dot gnu.org
2020-11-26 10:10 ` redi at gcc dot gnu.org
2020-11-26 10:25 ` redi at gcc dot gnu.org
2020-11-26 10:56 ` rguenther at suse dot de
2020-11-26 11:24 ` redi at gcc dot gnu.org
2020-11-26 11:26 ` cvs-commit at gcc dot gnu.org
2020-11-26 11:28 ` redi at gcc dot gnu.org
2020-11-26 12:04 ` cvs-commit at gcc dot gnu.org
2020-11-26 12:05 ` cvs-commit at gcc dot gnu.org
2020-11-26 12:08 ` cvs-commit at gcc dot gnu.org
2020-11-26 12:08 ` redi at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-98001-4@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).