[ 
https://issues.apache.org/jira/browse/STDCXX-597?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573905#action_12573905
 ] 

vitek edited comment on STDCXX-597 at 2/29/08 11:10 AM:
---------------------------------------------------------------

The test_access() function in 21.string.access.cpp uses rw_match() to verify 
that two empty strings are equal. It does so with a line that looks something 
like this...

{noformat}
        const bool success = 1 == rw_match (exp_res, pres, 1);
{noformat}

The problem is that the string `pres' only has 1 byte of initialized data, and 
that one byte is the terminator for the string. The rw_match() function expects 
that the provided `len' is the number of characters before the null terminator. 
So this seems like a bug in test_access(), not in _rw_get_char.

Here is a simplified testcase that shows the UMR when misusing rw_match().

{noformat}
#include <rw_char.h> // for rw_match()
#include <stdlib.h>     // for malloc()

int main ()
{
    char* s = (char*)malloc (10);
    *s = '\0';

    const char u [2] = {
        '\0', '\0'
    };

    rw_match (u, s, 1);

    free (s);

    return 0;
}
{noformat}




      was (Author: vitek):
    The test_access() function in 21.string.access.cpp uses rw_match() to 
verify that two empty strings are equal. It does so with a line that looks 
something like this...

        const bool success = 1 == rw_match (exp_res, pres, 1);

Here is a simplified testcase that shows the UMR when misusing rw_match().

{noformat}
#include <rw_char.h> // for rw_match()
#include <stdlib.h>     // for malloc()

int main ()
{
    char* s = (char*)malloc (10);
    *s = '\0';

    const char u [2] = {
        '\0', '\0'
    };

    rw_match (u, s, 1);

    free (s);

    return 0;
}
{noformat}

The problem is that the string `s' only has 1 byte of initialized data, and 
that one byte is the terminator for the string. The rw_match() function expects 
that the provided `len' is the number of characters before the null terminator. 
So this seems like a bug in test_access(), not in _rw_get_char.


  
> purify reports uninitialized memory read in _rw_get_char 
> ---------------------------------------------------------
>
>                 Key: STDCXX-597
>                 URL: https://issues.apache.org/jira/browse/STDCXX-597
>             Project: C++ Standard Library
>          Issue Type: Improvement
>          Components: Test Driver
>    Affects Versions: 4.2.0
>            Reporter: Travis Vitek
>            Assignee: Travis Vitek
>            Priority: Minor
>             Fix For: 4.2.1
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> {noformat}
> ****  Purify instrumented ./21.string.access (pid 2878)  ****
> UMR: Uninitialized memory read:
>   * This is occurring while in thread 2878:
>     _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
>     rw_match(char const*, char const*, unsigned) [char.cpp:816]
>      test_access<char, std::char_traits<char>, std::allocator<char> >(char, 
> std::char_traits<char>*, char*, StringFunc const&, StringTestCase const&) 
> [21.string.access.cpp:274]
>     test_access(StringFunc const&, StringTestCase const&) 
> [21.string.access.cpp:317]
>     _rw_test_case(StringFunc const&, StringTestCase const&,   (*)(StringFunc 
> const&, StringTestCase const&)) [21.strings.cpp:1298]
>     _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
>   * Reading 1 byte from 0x8182256 in the heap.
>   * Address 0x8182256 is 14 bytes into a malloc'd block at 0x8182248 of 46 
> bytes.
>   * This block was allocated from thread -1207973632:
>     malloc         [rtlib.o]
>     operator new(unsigned) [libstd15d.so]
>     __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
>     std::allocator<char>::allocate(unsigned,  const*) [_allocator.h:144]
>     std::string<char, std::char_traits<char>, 
> std::allocator<char>>::_C_get_rep(unsigned, unsigned) [string.cc:102]
>     std::string<char, std::char_traits<char>, 
> std::allocator<char>>::string<char, std::char_traits<char>, 
> std::allocator<char>>[not-in-charge](char const*, unsigned, 
> std::allocator<char> const&) [string.cc:180]
> ****  Purify instrumented ./21.string.access (pid 2878)  ****
> UMR: Uninitialized memory read:
>   * This is occurring while in thread 2878:
>     _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
>     rw_match(char const*, char const*, unsigned) [char.cpp:816]
>      test_access<char, UserTraits<char>, std::allocator<char> >(char, 
> UserTraits<char>*, char*, StringFunc const&, StringTestCase const&) 
> [21.string.access.cpp:274]
>     test_access(StringFunc const&, StringTestCase const&) 
> [21.string.access.cpp:317]
>     _rw_test_case(StringFunc const&, StringTestCase const&,   (*)(StringFunc 
> const&, StringTestCase const&)) [21.strings.cpp:1298]
>     _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
>   * Reading 1 byte from 0x818d5a6 in the heap.
>   * Address 0x818d5a6 is 14 bytes into a malloc'd block at 0x818d598 of 46 
> bytes.
>   * This block was allocated from thread -1207973632:
>     malloc         [rtlib.o]
>     operator new(unsigned) [libstd15d.so]
>     __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
>     std::allocator<char>::allocate(unsigned,  const*) [_allocator.h:144]
>     std::basic_string<char, std::char_traits<char>, 
> std::allocator<char>><char, UserTraits<char>, std::allocator<char> 
> >::_C_get_rep(unsigned, unsigned) [string.cc:102]
>     std::basic_string<char, std::char_traits<char>, 
> std::allocator<char>><char, UserTraits<char>, std::allocator<char> 
> >::basic_string<char, std::char_traits<char>, 
> std::allocator<char>>[not-in-charge](char const*, unsigned, 
> std::allocator<char> const&) [string.cc:180] 
> {noformat}
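
The length contract described in the comment above, modelled with a toy shadow map of initialized bytes. This is an added example, not code from the stdcxx test driver or from the comment's author. `TrackedBuf`, `first_bad_read` and `make_empty_string` are hypothetical names, and the read pattern (indices 0 through `len`) is an assumption drawn from the stated contract, not from the rw_match() source.

```cpp
#include <cstddef>
#include <vector>

// Toy shadow-memory model (all names hypothetical): each byte carries an
// "initialized" flag, the state a tool such as Purify tracks to report a UMR.
struct TrackedBuf {
    std::vector<char> data;
    std::vector<bool> init;

    explicit TrackedBuf (std::size_t n): data (n, 'U'), init (n, false) { }

    void store (std::size_t i, char c) { data [i] = c; init [i] = true; }

    // Number of initialized characters before the terminator, or -1 if no
    // initialized terminator exists.
    long length () const {
        for (std::size_t i = 0; i != data.size () && init [i]; ++i)
            if ('\0' == data [i])
                return long (i);
        return -1;
    }
};

// Assumed contract: `len' counts the characters before the terminator, so a
// matcher honouring it may read indices 0 through len inclusive.
// Returns the first index whose read would be uninitialized (or out of
// bounds), or -1 when every read touches initialized memory.
long first_bad_read (const TrackedBuf &buf, std::size_t len)
{
    for (std::size_t i = 0; i <= len; ++i)
        if (i >= buf.data.size () || !buf.init [i])
            return long (i);
    return -1;
}

// Constructed sample mirroring the testcase: 10 bytes, only s[0] written.
TrackedBuf make_empty_string ()
{
    TrackedBuf s (10);
    s.store (0, '\0');
    return s;
}

int main ()
{
    const TrackedBuf s = make_empty_string ();
    // len == 1 reaches the unwritten s[1]; the true length (0) does not.
    return first_bad_read (s, 1) == 1
        && first_bad_read (s, std::size_t (s.length ())) == -1 ? 0 : 1;
}
```
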
