public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/98001] New: ext/stdio_filebuf/char/79820.cc is broken Date: Thu, 26 Nov 2020 08:48:05 +0000 [thread overview] Message-ID: <bug-98001-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98001 Bug ID: 98001 Summary: ext/stdio_filebuf/char/79820.cc is broken Product: gcc Version: 11.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: libstdc++ Assignee: unassigned at gcc dot gnu.org Reporter: rguenth at gcc dot gnu.org Target Milestone: --- The testcase reliably segfaults for me when run with MALLOC_PERTURB_=69 MALLOC_CHECK_=3 in the environment. It then segfaults doing Program received signal SIGSEGV, Segmentation fault. 0x00007ffff74ec5bb in fflush () from /lib64/libc.so.6 (gdb) up #1 0x00007ffff7b06175 in std::__basic_file<char>::sys_open (this=this@entry=0x7fffffffe678, __file=__file@entry=0x614c20) at basic_file.cc:202 202 __err = fflush(__file); (gdb) l 197 { 198 int __err, __save_errno = errno; 199 // POSIX guarantees that fflush sets errno on error, but C doesn't. 200 errno = 0; 201 do 202 __err = fflush(__file); 203 while (__err && errno == EINTR); the testcase passes a FILE * that has been fclosed() to the __gnu_cxx::stdio_filebuf<char> CTOR which then invokes fflush on it. fclose() is documented as RETURN VALUE Upon successful completion, 0 is returned. Otherwise, EOF is returned and errno is set to indicate the error. In either case, any further access (including another call to fclose()) to the stream results in undefined behavior. so the testcase invokes undefined behavior. I don't think there's any way to query whether a FILE * is valid or not for the standard library.
next reply other threads:[~2020-11-26 8:48 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-11-26 8:48 rguenth at gcc dot gnu.org [this message] 2020-11-26 9:00 ` [Bug libstdc++/98001] " jakub at gcc dot gnu.org 2020-11-26 10:10 ` redi at gcc dot gnu.org 2020-11-26 10:25 ` redi at gcc dot gnu.org 2020-11-26 10:56 ` rguenther at suse dot de 2020-11-26 11:24 ` redi at gcc dot gnu.org 2020-11-26 11:26 ` cvs-commit at gcc dot gnu.org 2020-11-26 11:28 ` redi at gcc dot gnu.org 2020-11-26 12:04 ` cvs-commit at gcc dot gnu.org 2020-11-26 12:05 ` cvs-commit at gcc dot gnu.org 2020-11-26 12:08 ` cvs-commit at gcc dot gnu.org 2020-11-26 12:08 ` redi at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-98001-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).