Bug 177293 - ostringstream::str().c_str() returns pointer to unallocated memory
Summary: ostringstream::str().c_str() returns pointer to unallocated memory
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gcc (Show other bugs)
(Show other bugs)
Version: 4.0
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: Jakub Jelinek
QA Contact:
URL: http://gcc.gnu.org/bugzilla/show_bug....
Depends On:
TreeView+ depends on / blocked
Reported: 2006-01-09 05:47 UTC by starlight
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-09 16:39:09 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
test case (385.44 KB, application/octet-stream)
2006-01-09 05:47 UTC, starlight
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
GNU Compiler Collection 25719 None None None Never

Description starlight 2006-01-09 05:47:13 UTC
Created attachment 122936 [details]
test case

Comment 1 starlight 2006-01-09 05:47:13 UTC
External Bugzilla  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25719

The 'c_str()' method of the STL 'basic_string' class template
returns a pointer to free memory when called against a
string returned by the 'str()' method of the 'basic_ostringstream'
class template.  ISO/IEC 14882 [21.3.6] indicates pointers returned
by 'c_str()' should be good until the next non-const member of the
string object is called.

This behavior is confirmed by both 'purify' and 'mudflap'.
The same test case runs clean with 'purify' on Solaris 8
with the Sun Studio 5.4 compiler.

Exists with both 3.4 and 4.0 compilers.  Suspect bug
appears in most 'libstdc++' versions.

Comment 3 starlight 2006-01-09 16:39:09 UTC
Made a mistake, so this bug report is invalid.

Didn't notice that 'basic_stream' 'str()' returns a value
rather than a reference, and so is a temporary object with
a lifetime that ends at the semicolon at the end of the statement.

Note You need to log in before you can comment on or make changes to this bug.