[Bug c++/45284] New: sort accesses memory before first iterator

Sat, 14 Aug 2010 00:34:32 -0700 

Hello!

I am trying to sort an array in my program:

#include <cstdlib>
#include <cstdio>
#include <algorithm>
#include <stdint.h>

using namespace std;

class E
{
        public:
                int64_t x;
                int a;
                bool operator<(const E& e2) const
                {
                        return x != e2.x ? x < e2.x : a;
                }
};

E *e;

void alloc()
{
        e = new E[100100];
}


int32_t main()
{
        freopen("bad_array", "r", stdin);

        int n = 100000;

        alloc();

        for(int i = 0; i < n; ++i)
        {
                scanf("%lld %d", &e[i].x, &e[i].a);
        }

        sort(e, e + n);
}

I am getting a segmentation fault in std::sort, when trying to sort a bad
array:
bori...@vaio:~/gcc-bug$ g++ -o bug bug.cpp -g3
bori...@vaio:~/gcc-bug$ gdb ./bug
GNU gdb (GDB) 7.1
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-slackware-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/borisko/gcc-bug/bug...done.
(gdb) run
Starting program: /home/borisko/gcc-bug/bug 

Program received signal SIGSEGV, Segmentation fault.
0x00000000004007e3 in E::operator< (this=0x7fffffffdd60, e2=...) at bug.cpp:15
15                              return x != e2.x ? x < e2.x : a;
(gdb) p e
$1 = (E *) 0x7ffff7e4b010
(gdb) p &e2
$2 = (const E *) 0x7ffff7e4aff0

Also, valgrind notices incorrect accesses to memory like
bori...@vaio:~/gcc-bug$ valgrind ./bug
==8890== Invalid read of size 8
==8890==    at 0x4007E3: E::operator<(E const&) const (bug.cpp:15)
==8890==    by 0x400B22: E* std::__unguarded_partition<E*, E>(E*, E*, E)
(stl_algo.h:2212)
==8890==    by 0x400921: void std::__introsort_loop<E*, long>(E*, E*, long)
(stl_algo.h:2268)
==8890==    by 0x40085C: void std::sort<E*>(E*, E*) (stl_algo.h:5220)
==8890==    by 0x40079E: main (bug.cpp:40)
==8890==  Address 0x5947030 is 16 bytes before a block of size 1,601,600
alloc'd
==8890==    at 0x4C262A4: operator new[](unsigned long) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==8890==    by 0x4006E9: alloc() (bug.cpp:23)
==8890==    by 0x40071F: main (bug.cpp:33)
or
==8890== Invalid read of size 8
==8890==    at 0x400DBF: void std::__unguarded_linear_insert<E*, E>(E*, E)
(stl_algo.h:2069)
==8890==    by 0x400C4D: void std::__unguarded_insertion_sort<E*>(E*, E*)
(stl_algo.h:2148)
==8890==    by 0x4009CA: void std::__final_insertion_sort<E*>(E*, E*)
(stl_algo.h:2179)
==8890==    by 0x40086F: void std::sort<E*>(E*, E*) (stl_algo.h:5222)
==8890==    by 0x40079E: main (bug.cpp:40)
==8890==  Address 0x5947030 is 16 bytes before a block of size 1,601,600
alloc'd
==8890==    at 0x4C262A4: operator new[](unsigned long) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==8890==    by 0x4006E9: alloc() (bug.cpp:23)
==8890==    by 0x40071F: main (bug.cpp:33)
or
==8890== Invalid write of size 8
==8890==    at 0x400DC9: void std::__unguarded_linear_insert<E*, E>(E*, E)
(stl_algo.h:2069)
==8890==    by 0x400C4D: void std::__unguarded_insertion_sort<E*>(E*, E*)
(stl_algo.h:2148)
==8890==    by 0x4009CA: void std::__final_insertion_sort<E*>(E*, E*)
(stl_algo.h:2179)
==8890==    by 0x40086F: void std::sort<E*>(E*, E*) (stl_algo.h:5222)
==8890==    by 0x40079E: main (bug.cpp:40)
==8890==  Address 0x5947038 is 8 bytes before a block of size 1,601,600 alloc'd
==8890==    at 0x4C262A4: operator new[](unsigned long) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==8890==    by 0x4006E9: alloc() (bug.cpp:23)
==8890==    by 0x40071F: main (bug.cpp:33)

Is it a bug, or I am doing something wrong?
The problem doesn't appear on all arrays, I will attach the bad array in the
next message.

bori...@vaio:~/gcc-bug$ LC_ALL=C g++ -v
Reading specs from /usr/lib64/gcc/x86_64-slackware-linux/4.4.4/specs
Target: x86_64-slackware-linux
Configured with: ../gcc-4.4.4/configure --prefix=/usr --libdir=/usr/lib64
--enable-shared --enable-bootstrap
--enable-languages=ada,c,c++,fortran,java,objc --enable-threads=posix
--enable-checking=release --with-system-zlib
--with-python-dir=/lib64/python2.6/site-packages --disable-libunwind-exceptions
--enable-__cxa_atexit --enable-libssp --with-gnu-ld --verbose
--disable-multilib --target=x86_64-slackware-linux
--build=x86_64-slackware-linux --host=x86_64-slackware-linux
Thread model: posix
gcc version 4.4.4 (GCC) 

bori...@vaio:~/gcc-bug$ uname -a
Linux vaio 2.6.34.1 #9 SMP Tue Aug 3 13:01:34 MSD 2010 x86_64 Intel(R) Core(TM)
i5 CPU       M 520  @ 2.40GHz GenuineIntel GNU/Linux


-- 
           Summary: sort accesses memory before first iterator
           Product: gcc
           Version: 4.4.4
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: c++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: boris at dolgov dot name
 GCC build triplet: x86_64-slackware-linux
  GCC host triplet: x86_64-slackware-linux
GCC target triplet: x86_64-slackware-linux


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45284

Reply via email to