| Summary: | libstdc++ std::sort goes out of bounds | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Fotios Tsiadimos <ftsiadim> |
| Component: | gcc-libraries | Assignee: | Marek Polacek <mpolacek> |
| Status: | CLOSED DUPLICATE | QA Contact: | qe-baseos-tools-bugs |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.2 | CC: | law |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-03-13 19:09:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 1056252 | ||
*** This bug has been marked as a duplicate of bug 1040637 ***
Description of problem:

I am seeing std::sort goes out of bounds in some cases, it happens with any of gcc/libstdc++

- version 4.4.6 (RHEL6.2)
- version 4.1.2 (RHEL5.7)
- version 3.4.6 (RHEL4 U8)

Version-Release number of selected component (if applicable):

How reproducible:

---

Compiler switches

```
g++ -o sort_test.o -c sort_test.cxx
g++ -o sort_test sort_test.o
chmod 755 sort_test
```

----- sort_test.cxx -----

```cpp
#include <iostream>
#include <algorithm>
#include <vector>

bool compare_val(int* a, int* b) {
  //std::cout << "Will compare int at " << a << "with int at " << b << std::endl;
  if (*a <= *b) return true;
  return false;
}

void dump_vec(std::vector<int*> vec) {
  for(size_t i=0; i < vec.size(); ++i) {
    std::cout << *vec[i]<< std::endl;
  }
}

int main (void) {
  const int int_array[] = {12, 13, 2, 2, 6, 7, 12, 2, 10, 11, 16, 5, 5, 2, 16, 7, 6, 16, 14, 5, 10, 9, 14, 3, 7, 15, 14, 6, 2, 1, 11, 13, 14, 12, 15, 4, 3, 11, 5, 12, 5, 5, 1, 9, 6, 16, 15, 11, 16, 13, 15, 10, 6, 13, 13, 12, 11, 10, 1, 13, 11, 11, 10, 9, 7, 8, 12, 10, 2};
  std::vector<int*> my_vec;
  int length = sizeof(int_array)/sizeof(int);

  for(int i=0; i < length; ++i) {
    int *int_ptr =new int;
    *int_ptr = int_array[i];
    my_vec.push_back(int_ptr);
  }
  std::sort(my_vec.begin(), my_vec.end(), compare_val);
  dump_vec(my_vec);
}
```

Actual results:

----- sort_test.cxx -----

Valgrind output

```
==29963== Invalid read of size 8
==29963==    at 0x40420E: __gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > > std::__unguarded_partition<__gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, int*, bool (*)(int*, int*)>(__gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, __gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, int*, bool (*)(int*, int*)) (stl_algo.h:2042)
==29963==    by 0x403C8A: void std::__introsort_loop<__gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, long, bool (*)(int*, int*)>(__gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, __gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, long, bool (*)(int*, int*)) (stl_algo.h:2519)
==29963==    by 0x403530: void std::sort<__gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, bool (*)(int*, int*)>(__gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, __gnu_cxx::__normal_iterator<int**, std::vector<int*, std::allocator<int*> > >, bool (*)(int*, int*)) (stl_algo.h:2589)
==29963==    by 0x4031DA: main (sort_test.cxx:27)
```
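
std::sort requires its comparator to be a strict weak ordering, and the `compare_val` posted in the report returns true for equal values. The following is an added example, not part of the original report: it checks a comparator for irreflexivity and asymmetry before it is handed to std::sort. `compare_val_strict`, `count_violations` and the eight-value sample are assumptions made here.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <vector>

// Comparator as posted in the report: true for equal values.
bool compare_val(int* a, int* b) { return *a <= *b; }

// Strict form (hypothetical name): never true for equal values.
bool compare_val_strict(int* a, int* b) { return *a < *b; }

// Constructed sample: the first eight values of the report's int_array.
static int sample[] = {12, 13, 2, 2, 6, 7, 12, 2};

std::vector<int*> sample_pointers() {
    std::vector<int*> v;
    for (std::size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); ++i)
        v.push_back(&sample[i]);
    return v;
}

// Counts breaches of two strict-weak-ordering rules over every pair:
// irreflexivity (cmp(x, x) must be false) and asymmetry (cmp(x, y) and
// cmp(y, x) must never both be true).
std::size_t count_violations(bool (*cmp)(int*, int*)) {
    std::vector<int*> v = sample_pointers();
    std::size_t bad = 0;
    for (std::size_t i = 0; i < v.size(); ++i) {
        if (cmp(v[i], v[i])) ++bad;
        for (std::size_t j = i + 1; j < v.size(); ++j)
            if (cmp(v[i], v[j]) && cmp(v[j], v[i])) ++bad;
    }
    return bad;
}

// Sorts the sample with the strict comparator and verifies the order.
bool strict_sort_is_ordered() {
    std::vector<int*> v = sample_pointers();
    std::sort(v.begin(), v.end(), compare_val_strict);
    for (std::size_t i = 1; i < v.size(); ++i)
        if (*v[i] < *v[i - 1]) return false;
    return true;
}

int main() {
    std::cout << "posted: " << count_violations(compare_val) << " violations\n";
    std::cout << "strict: " << count_violations(compare_val_strict) << " violations\n";
    std::cout << "strict sort ordered: " << strict_sort_is_ordered() << "\n";
    return 0;
}
```

The check never calls std::sort with the posted comparator, so it is safe to run under Valgrind or in a unit test as a guard on custom comparators.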