
Key: STDCXX-619
Type: Improvement
Status: Closed
Resolution: Fixed
Priority: Minor
Assignee: Travis Vitek
Reporter: Travis Vitek
Votes: 0
Watchers: 0
C++ Standard Library

purify reports array bounds read error in 25.remove test

Created: 24/Oct/07 11:15 PM   Updated: 12/Nov/07 02:37 PM
Component/s: Tests
Affects Version/s: 4.2.0
Fix Version/s: 4.2.1

Time Tracking:
Not Specified

File Attachments:
stdcxx-619.patch (2 kB, Licensed for inclusion in ASF works), 2007-10-25 12:30 AM, Travis Vitek

Patch Info: Patch Available
Severity: Incorrect Behavior
Resolution Date: 12/Nov/07 02:37 PM


Description
An rw_assert indexes past the end of an array if the preceding for loop does not experience a failure.
**** Purify instrumented ./25.remove (pid 19671) ****
ABR: Array bounds read:
  * This is occurring while in thread 19671:
    test_remove<FwdIter<UserClass>, UserClass, EqualityPredicate<UserClass> >(int, char const*, char, unsigned, FwdIter<UserClass>, NoIterator, UserClass const*, UserClass const*, RemoveTag) [25.remove.cpp:213]
    test_remove<FwdIter<UserClass>, NoIterator, UserClass, EqualityPredicate<UserClass>, RemoveTag >(FwdIter<UserClass>, UserClass, NoIterator const*, UserClass const*, EqualityPredicate<UserClass>) [25.remove.cpp:384]
    test_remove<UserClass, EqualityPredicate<UserClass>, RemoveTag >(UserClass const*, EqualityPredicate<UserClass> const*, UserClass) [25.remove.cpp:440]
    test_remove<UserClass>(UserClass const*) [25.remove.cpp:471]
    run_test(int, char**) [25.remove.cpp:590]
    unknown func [pc=0x81201a8]
  * Reading 4 bytes from 0x81b88f8 in the heap.
  * Address 0x81b88f8 is 5 bytes past end of a malloc'd block at 0x81b88c0 of 52 bytes.
  * This block was allocated from thread -1207973632:
    malloc [rtlib.o]
    operator new(unsigned) [libstd15d.so]
    operator new [](unsigned) [libstd15d.so]
    UserClass* __rw_from_char<UserClass>(UserClass*, char const*, unsigned, bool) [value.cpp:485]
    UserClass::from_char(char const*, unsigned, bool) [value.cpp:533]
    test_remove<FwdIter<UserClass>, UserClass, EqualityPredicate<UserClass> >(int, char const*, char, unsigned, FwdIter<UserClass>, NoIterator, UserClass const*, UserClass const*, RemoveTag) [25.remove.cpp:153]


Travis Vitek added a comment - 24/Oct/07 11:29 PM - edited
Simply avoid accessing the array inappropriately. I could have opted to add an else with a different assertion to keep the assertion count consistent, but that seems unnecessary.

Farid Zaripov added a comment - 26/Oct/07 01:09 PM
I'd rather move the rw_assert()'s into the for-loop body, instead of skipping them if !success.

So that rw_assert()'s will be invoked independently from the success value and iff the loop body was entered, instead of invoking the rw_assert()'s on !success.

Also I've added the two "success = true;" before the loop, because the rw_assert()'s which follow that loop may use the previous success value when the loop was iterated 0 times.
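
The pattern discussed in this thread, as an added C++ example that is not the stdcxx test code or the attached patch. `report` is a hypothetical stand-in for `rw_assert`, and `Checked`, `Style` and `check` are illustrative names; the counting view records the one-past-the-end read instead of performing it, and the three styles model the reported code, the guard-on-failure fix, and asserting inside the loop body.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Bounds-checked view: counts reads past the end instead of performing them,
// so the defect is observable without undefined behaviour.
struct Checked {
    const std::vector<int>& v;
    std::size_t oob_reads;
    explicit Checked(const std::vector<int>& x) : v(x), oob_reads(0) {}
    int at(std::size_t i) {
        if (i >= v.size()) { ++oob_reads; return 0; }
        return v[i];
    }
};

// Hypothetical stand-in for the test driver's assertion: like any function
// call, its arguments are evaluated even when ok is true.
void report(bool ok, std::size_t i, int got) {
    if (!ok) std::printf("mismatch at index %zu: got %d\n", i, got);
}

enum Style { AfterLoop, GuardedAfterLoop, InsideLoop };

// Compares got_v with want_v (same length) and reports the first mismatch.
// Returns how many out-of-bounds reads were attempted.
std::size_t check(const std::vector<int>& got_v,
                  const std::vector<int>& want_v, Style style) {
    Checked got(got_v);
    const std::size_t n = got_v.size();
    bool success = true;  // set before the loop, which may run 0 times
    std::size_t i = 0;
    for (; i != n; ++i) {
        success = got.at(i) == want_v[i];
        if (style == InsideLoop) report(success, i, got.at(i));
        if (!success) break;
    }
    // Reported pattern: on success i == n, so got[i] is one past the end.
    if (style == AfterLoop) report(success, i, got.at(i));
    // Guarded variant: index the array only when the loop stopped early.
    if (style == GuardedAfterLoop && !success) report(success, i, got.at(i));
    return got.oob_reads;
}

int main() {
    std::vector<int> a = {1, 2, 3};
    std::printf("oob reads, after loop: %zu\n", check(a, a, AfterLoop));
    std::printf("oob reads, in loop:    %zu\n", check(a, a, InsideLoop));
}
```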


Farid Zaripov added a comment - 26/Oct/07 01:49 PM

Martin Sebor added a comment - 26/Oct/07 05:21 PM
Farid, please remember to attribute patches to their authors.
Travis, please remember to provide ChangeLogs for your patches.

Martin Sebor added a comment - 01/Nov/07 12:06 AM
Reported against 4.2. Set Affects Version(s) accordingly.