Bug 177293

Summary: ostringstream::str().c_str() returns pointer to unallocated memory
Product: Red Hat Enterprise Linux 4
Reporter: starlight
Component: gcc
Assignee: Jakub Jelinek <jakub>
Status: CLOSED NOTABUG
Severity: high
Priority: medium
Version: 4.0
CC: bkoz, jason
Hardware: All
OS: Linux
URL: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25719
Last Closed: 2006-01-09 16:39:09 UTC

Description starlight 2006-01-09 05:47:13 UTC
Created attachment 122936
test case

Comment 1 starlight 2006-01-09 05:47:13 UTC
External Bugzilla  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25719

The 'c_str()' method of the STL 'basic_string' class template
returns a pointer to free memory when called against a
string returned by the 'str()' method of the 'basic_ostringstream'
class template.  ISO/IEC 14882 [21.3.6] indicates pointers returned
by 'c_str()' should be good until the next non-const member of the
string object is called.

This behavior is confirmed by both 'purify' and 'mudflap'.
The same test case runs clean with 'purify' on Solaris 8
with the Sun Studio 5.4 compiler.

Exists with both 3.4 and 4.0 compilers.  Suspect bug
appears in most 'libstdc++' versions.

Comment 3 starlight 2006-01-09 16:39:09 UTC
Made a mistake, so this bug report is invalid.

Didn't notice that 'basic_stream' 'str()' returns a value
rather than a reference, and so is a temporary object with
a lifetime that ends at the semicolon at the end of the statement.
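
The lifetime rule from Comment 3, as an added example that is not part of the bug report or its attached test case. It counts the heap blocks still owned by the string that 'str()' returns, so the freed buffer is observed without dereferencing the dangling pointer; CountingAlloc, the function names and the sample text are assumptions made for this illustration.

```cpp
// Added illustration; CountingAlloc and all function names are hypothetical.
#include <cstddef>
#include <cstring>
#include <new>
#include <sstream>
#include <string>

static long g_live_blocks = 0;  // heap blocks currently owned by our strings
template <class T>
struct CountingAlloc {          // minimal allocator that counts live allocations
    using value_type = T;
    CountingAlloc() noexcept = default;
    template <class U> CountingAlloc(const CountingAlloc<U>&) noexcept {}
    T* allocate(std::size_t n) {
        ++g_live_blocks; return static_cast<T*>(::operator new(n * sizeof(T)));
    }
    void deallocate(T* p, std::size_t) noexcept { --g_live_blocks; ::operator delete(p); }
};
template <class T, class U>
bool operator==(const CountingAlloc<T>&, const CountingAlloc<U>&) noexcept { return true; }
template <class T, class U>
bool operator!=(const CountingAlloc<T>&, const CountingAlloc<U>&) noexcept { return false; }

using Str = std::basic_string<char, std::char_traits<char>, CountingAlloc<char>>;
using OStream = std::basic_ostringstream<char, std::char_traits<char>, CountingAlloc<char>>;
// Constructed sample, longer than any small-string buffer so str() must allocate.
static const char kSample[] = "constructed sample text that is too long for SSO";

// Pattern from the report: blocks still owned by the str() result after the ';'.
long blocks_after_reported_pattern() {
    OStream oss; oss << kSample;
    const long before = g_live_blocks;
    const char* p = oss.str().c_str();  // temporary Str is destroyed at this ';'
    (void)p;                            // p dangles here: never dereference it
    return g_live_blocks - before;
}
// Fix 1: bind the returned value to a name so the buffer outlives the pointer.
long blocks_after_named_copy() {
    OStream oss; oss << kSample;
    const long before = g_live_blocks;
    const Str s = oss.str();
    const char* p = s.c_str();          // valid for as long as s is alive
    return std::strlen(p) == sizeof(kSample) - 1 ? g_live_blocks - before : -1;
}
// Fix 2: consume the pointer inside the same full-expression as str().
std::size_t len_in_full_expression() {
    OStream oss; oss << kSample;
    return std::strlen(oss.str().c_str());
}
```

A result of 0 from the first function means the buffer behind the saved pointer has already been returned to the allocator, which is the condition 'purify' and 'mudflap' flagged.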