From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 12744 invoked by alias); 28 Jul 2002 11:06:00 -0000
Mailing-List: contact gcc-prs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive:
List-Post:
List-Help:
Sender: gcc-prs-owner@gcc.gnu.org
Received: (qmail 12724 invoked by uid 71); 28 Jul 2002 11:06:00 -0000
Resent-Date: 28 Jul 2002 11:06:00 -0000
Resent-Message-ID: <20020728110600.12723.qmail@sources.redhat.com>
Resent-From: gcc-gnats@gcc.gnu.org (GNATS Filer)
Resent-To: nobody@gcc.gnu.org
Resent-Cc: gcc-prs@gcc.gnu.org, gcc-bugs@gcc.gnu.org, bkoz@redhat.com, schwab@suse.de
Resent-Reply-To: gcc-gnats@gcc.gnu.org, rschiele@uni-mannheim.de
Received: (qmail 12532 invoked by uid 61); 28 Jul 2002 11:03:52 -0000
Message-Id: <20020728110352.12531.qmail@sources.redhat.com>
Date: Sun, 28 Jul 2002 04:06:00 -0000
From: rschiele@uni-mannheim.de
Reply-To: rschiele@uni-mannheim.de
To: gcc-gnats@gcc.gnu.org
Cc: bkoz@redhat.com, schwab@suse.de
X-Send-Pr-Version: gnatsweb-2.9.3 (1.1.1.1.2.31)
X-GNATS-Notify: bkoz@redhat.com, schwab@suse.de
Subject: libstdc++/7422: strstreambuf frees buffer when being in frozen state
X-SW-Source: 2002-07/txt/msg00735.txt.bz2
List-Id:

>Number: 7422
>Category: libstdc++
>Synopsis: strstreambuf frees buffer when being in frozen state
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jul 28 04:06:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Robert Schiele
>Release: 3.1.1
>Organization:
>Environment:
System: independent
Architecture: independent
host: independent
build: independent
target: independent
Configured with: /home/schiele/gcccvs/gcc-3.1.1/configure --enable-threads=posix --prefix=/opt/Pkg/Linux/i686/gcc311 --enable-languages=c,c++,f77,objc --disable-libgcj --with-gxx-include-dir=/opt/Pkg/Linux/i686/gcc311/include/g++ --with-system-zlib --enable-shared --enable-__cxa_atexit i486-suse-linux
>Description:
The attached sample program shows that strstreambuf frees its buffer even though it was forced into frozen mode by calling the str() method. Because of that, the generated string can be overwritten by code that reallocates this memory.

This is a regression from gcc 3.1! I have not checked that, but possibly this is related to http://gcc.gnu.org/ml/gcc-patches/2002-05/msg01204.html and/or http://gcc.gnu.org/ml/libstdc++/2002-06/msg00089.html.
>How-To-Repeat:
# g++ -o strstreambug strstreambug.cc
[header warning]
# ./strstreambug
s(0x804a118):Text
s(0x804a118):ñòóôõö÷øùúûüýþÿ

should be (gcc-3.1):

# ./strstreambug
s(0x804a118):Text
s(0x804a118):Text
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/x-c++src; name="strstreambug.cc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="strstreambug.cc"
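
Added example, not part of the original report or of libstdc++: a caller-side pattern that stays correct whether or not the stream's destructor honours the frozen flag described above. It copies the bytes out while the ostrstream is still alive, takes the length from pcount() instead of relying on a trailing std::ends, and then unfreezes so the stream releases its own buffer. The names format_copy and survives_heap_reuse are hypothetical.

```cpp
// Added example: safe handling of ostrstream::str() on the caller side.
#include <strstream>   // deprecated header; the one the report exercises
#include <string>
#include <cstddef>

// Hypothetical helper: format a value and return an owned std::string copy.
template <typename T>
std::string format_copy(const T& value) {
    std::ostrstream out;
    out << value;                     // no std::ends: length comes from pcount()
    const char* raw = out.str();      // freezes the buffer; pointer is only borrowed
    std::size_t len = static_cast<std::size_t>(out.pcount());
    // str() may return a null pointer if the stream never allocated a buffer.
    std::string copy = raw ? std::string(raw, len) : std::string();
    out.freeze(false);                // unfreeze so ~ostrstream frees the buffer itself
    return copy;                      // result no longer aliases stream memory
}

// Constructed check mirroring the report's scenario: allocate and fill fresh
// heap memory after the stream is gone, then confirm the copy is unchanged.
bool survives_heap_reuse() {
    std::string s = format_copy("Text");
    char* a = new char[16];
    for (int j = 0; j < 16; ++j)
        a[j] = static_cast<char>(241 + j);
    bool ok = (s == "Text");
    delete[] a;
    return ok;
}
```

Because the copy is taken before the stream goes out of scope, no pointer into the strstreambuf outlives it, so later heap reuse cannot alter the result.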