Bug 177293 - ostringstream::str().c_str() returns pointer to unallocated memory
ostringstream::str().c_str() returns pointer to unallocated memory
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gcc (Show other bugs)
4.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Jakub Jelinek
http://gcc.gnu.org/bugzilla/show_bug....
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-09 00:47 EST by starlight
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-09 11:39:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test case (385.44 KB, application/octet-stream)
2006-01-09 00:47 EST, starlight
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
GNU Compiler Collection 25719 None None None Never

  None (edit)
Description starlight 2006-01-09 00:47:13 EST
Created attachment 122936 [details]
test case
Comment 1 starlight 2006-01-09 00:47:13 EST
External Bugzilla  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25719

The 'c_str()' method of the STL 'basic_string' class template
returns a pointer to free memory when called against a
string returned by the 'str()' method of the 'basic_ostringstream'
class template.  ISO/IEC 14882 [21.3.6] indicates pointers returned
by 'c_str()' should be good until the next non-const member of the
string object is called.

This behavior is confirmed by both 'purify' and 'mudflap'.
The same test case runs clean with 'purify' on Solaris 8
with the Sun Studio 5.4 compiler.

Exists with both 3.4 and 4.0 compilers.  Suspect bug
appears in most 'libstdc++' versions.
Comment 3 starlight 2006-01-09 11:39:09 EST
Made a mistake, so this bug report is invalid.

Didn't notice that 'basic_stream' 'str()' returns a value
rather than a reference, and so is a temporary object with
a lifetime that ends at the semicolon at the end of the statement.

Note You need to log in before you can comment on or make changes to this bug.