public inbox for gcc-prs@sourceware.org
help / color / mirror / Atom feed
From: rschiele@uni-mannheim.de
To: gcc-gnats@gcc.gnu.org
Cc: bkoz@redhat.com, schwab@suse.de
Subject: libstdc++/7422: strstreambuf frees buffer when beeing in frozen state
Date: Sun, 28 Jul 2002 04:06:00 -0000 [thread overview]
Message-ID: <20020728110352.12531.qmail@sources.redhat.com> (raw)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2214 bytes --]
>Number: 7422
>Category: libstdc++
>Synopsis: strstreambuf frees buffer when beeing in frozen state
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jul 28 04:06:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Robert Schiele
>Release: 3.1.1
>Organization:
>Environment:
System: independent
Architecture: independent
host: independent
build: independent
target: independent
Configured with: /home/schiele/gcccvs/gcc-3.1.1/configure --enable-threads=posix --prefix=/opt/Pkg/Linux/i686/gcc311 --enable-languages=c,c++,f77,objc --disable-libgcj --with-gxx-include-dir=/opt/Pkg/Linux/i686/gcc311/include/g++ --with-system-zlib --enable-shared --enable-__cxa_atexit i486-suse-linux
>Description:
The attached sample program shows that strstreambuf frees his buffer also he was forced to frozen mode by calling the str() method. Because of that the generated string can be overwritten by code that reallocates this memory.
This is a regression to gcc 3.1!
I have not checked that, but possibly this is related to http://gcc.gnu.org/ml/gcc-patches/2002-05/msg01204.html and/or http://gcc.gnu.org/ml/libstdc++/2002-06/msg00089.html.
>How-To-Repeat:
# g++ -o strstreambug strstreambug.cc
[header warning]
# ./strstreambug
s(0x804a118):Text
s(0x804a118):ñòóôõö÷øùúûüýþÿ
should be (gcc-3.1):
# ./strstreambug
s(0x804a118):Text
s(0x804a118):Text
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/x-c++src; name="strstreambug.cc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="strstreambug.cc"
I2luY2x1ZGUgPHN0cnN0cmVhbT4KI2luY2x1ZGUgPGlvc3RyZWFtPgoKaW50IG1haW4oKSB7CiAg
ICBjaGFyKiBzOwogICAgewoJc3RkOjpvc3Ryc3RyZWFtIHQ7CgkKCXQgPDwgIlRleHQiIDw8IHN0
ZDo6ZW5kczsKCXMgPSB0LnN0cigpOwoJc3RkOjpjb3V0IDw8ICJzKCIgPDwgKHZvaWQqKXMgPDwg
Iik6IiA8PCBzIDw8IHN0ZDo6ZW5kbDsKICAgIH0KICAgIGNoYXIqIGEgPSBuZXcgY2hhclsxNl07
CiAgICBmb3IgKGludCBqID0gMDsgaiA8IDE2OyArK2opCglhW2pdID0gMjQxICsgajsKICAgIHN0
ZDo6Y291dCA8PCAicygiIDw8ICh2b2lkKilzIDw8ICIpOiIgPDwgcyA8PCBzdGQ6OmVuZGw7Cn0K
next reply other threads:[~2002-07-28 11:06 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-07-28 4:06 rschiele [this message]
2002-08-03 13:19 bkoz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020728110352.12531.qmail@sources.redhat.com \
--to=rschiele@uni-mannheim.de \
--cc=bkoz@redhat.com \
--cc=gcc-gnats@gcc.gnu.org \
--cc=schwab@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).