[Bug sanitizer/81068] Sanitizer memory leak in codecvt_utf8

2017-09-20 Thread redi at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81068

--- Comment #8 from Jonathan Wakely  ---
If the relevant libstdc++ source file is instrumented there are no errors:

tmp$ g++ -fsanitize=address,undefined conv.cc  
tmp$ ./a.out
/home/jwakely/gcc/8/include/c++/8.0.0/bits/locale_conv.h:68:48: runtime error:
member call on address 0x60300010 which does not point to an object of type
'__codecvt_abstract_base'
0x60300010: note: object is of type 'std::codecvt_utf8'
 01 00 00 33  e0 f9 40 00 00 00 00 00  00 00 00 00 be be be be  ff ff 10 00 00
00 00 00  00 00 00 00
  ^~~
  vptr for 'std::codecvt_utf8'
/home/jwakely/gcc/8/include/c++/8.0.0/bits/codecvt.h:220:36: runtime error:
member call on address 0x60300010 which does not point to an object of type
'__codecvt_abstract_base'
0x60300010: note: object is of type 'std::codecvt_utf8'
 01 00 00 33  e0 f9 40 00 00 00 00 00  00 00 00 00 be be be be  ff ff 10 00 00
00 00 00  00 00 00 00
  ^~~
  vptr for 'std::codecvt_utf8'
/home/jwakely/gcc/8/include/c++/8.0.0/bits/codecvt.h:202:32: runtime error:
member call on address 0x60300010 which does not point to an object of type
'__codecvt_abstract_base'
0x60300010: note: object is of type 'std::codecvt_utf8'
 01 00 00 33  e0 f9 40 00 00 00 00 00  00 00 00 00 be be be be  ff ff 10 00 00
00 00 00  00 00 00 00
  ^~~
  vptr for 'std::codecvt_utf8'

=
==17730==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 384 byte(s) in 6 object(s) allocated from:
#0 0x7f102afbdc40 in realloc (/lib64/libasan.so.4+0xdec40)
#1 0x7f102abe8aaa  (/lib64/libstdc++.so.6+0x92aaa)

SUMMARY: AddressSanitizer: 384 byte(s) leaked in 6 allocation(s).
tmp$ g++ -fsanitize=address,undefined conv.cc ~/src/gcc/gcc/libstdc++-v3/src/c++11/codecvt.cc
tmp$ ./a.out
tmp$

[Bug sanitizer/81068] Sanitizer memory leak in codecvt_utf8

2017-09-19 Thread piotr.stachura at delphi dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81068

--- Comment #7 from Piotr Stachura  ---
Jonathan, you are right. In the sample code, the end of the string should be input_data[8].
With this correction I get the same behavior on both systems that I use
(correct compilation and execution without sanitizer, and a memory leak when
the sanitizer is enabled).

For clarification about the Ubuntu system: when the code is compiled with the input end at
input_data[8], the output string is the following:
0x22
0x44
0x80
0x156
0x34b
When compiled with input_data[7], the last character is not present in the output string
(as expected, since the input does not contain the full UTF-8 character).
The same can be achieved when compiled with the end at input_data[6] on all
systems.
The memory leak is also shown when compiled with clang (4.0) with sanitizers.

[Bug sanitizer/81068] Sanitizer memory leak in codecvt_utf8

2017-09-19 Thread redi at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81068

--- Comment #6 from Jonathan Wakely  ---
If you use _data[7] then you do not have valid UTF-8 input, because it
ends with an incomplete multibyte character, "\xCD", instead of "\xCD\x8B".

[Bug sanitizer/81068] Sanitizer memory leak in codecvt_utf8

2017-09-19 Thread redi at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81068

Jonathan Wakely  changed:

   What|Removed |Added

 Status|WAITING |UNCONFIRMED
 Ever confirmed|1   |0

--- Comment #5 from Jonathan Wakely  ---
The code is invalid (I have no idea why it doesn't throw an exception on
Ubuntu).

The correct end of the string is input_data + 8, not _data[7].
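
The end-pointer mistake discussed in comments #5 to #7, as an added example that is not code from the bug report or from libstdc++. The byte string is constructed from the five output values listed in comment #7 and the trailing "\xCD\x8B" named in comment #6; the reporter's real input_data, and the helper names decode_utf8, decode_complete and decode_truncated, are assumptions.

```cpp
#include <codecvt>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <locale>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed input (an assumption, not the reporter's file): eight UTF-8
// bytes encoding U+0022, U+0044, U+0080, U+0156 and U+034B, the five values
// listed in comment #7 as the expected output. The last code point is the
// two-byte sequence "\xCD\x8B"; ending the range one byte early leaves a
// lone lead byte "\xCD", which is not valid UTF-8.
static const char input_data[] = "\x22\x44\xC2\x80\xC5\x96\xCD\x8B";
static const std::size_t input_len = sizeof(input_data) - 1;  // 8, excludes the NUL

// Outcome of one from_bytes() call: either the decoded code units, or a flag
// that wstring_convert rejected the input by throwing std::range_error.
struct DecodeResult {
    bool threw_range_error;
    std::vector<std::uint32_t> code_units;
};

// Decode [first, last) with the facet the bug report exercises:
// std::codecvt_utf8<char16_t> wrapped in std::wstring_convert.
DecodeResult decode_utf8(const char* first, const char* last) {
    std::wstring_convert<std::codecvt_utf8<char16_t>, char16_t> conv;
    DecodeResult r{false, {}};
    try {
        std::u16string out = conv.from_bytes(first, last);
        for (char16_t c : out)
            r.code_units.push_back(static_cast<std::uint32_t>(c));
    } catch (const std::range_error&) {
        // This is the "wstring_convert::from_bytes" range_error seen in
        // comment #1: the input could not be fully converted.
        r.threw_range_error = true;
    }
    return r;
}

// Correct range: the end pointer is input_data + 8, one past the final "\x8B".
DecodeResult decode_complete() {
    return decode_utf8(input_data, input_data + input_len);
}

// Incorrect range: the end pointer is input_data + 7, so the range stops after
// the lead byte "\xCD" of an unfinished two-byte sequence. Depending on the
// libstdc++ version this either throws std::range_error or yields only the
// first four code points; in neither case does U+034B appear in the output.
DecodeResult decode_truncated() {
    return decode_utf8(input_data, input_data + input_len - 1);
}

int main() {
    DecodeResult ok = decode_complete();
    for (std::uint32_t c : ok.code_units)
        std::printf("0x%x\n", c);  // 0x22 0x44 0x80 0x156 0x34b

    DecodeResult bad = decode_truncated();
    std::printf("truncated input: %s, %zu code unit(s)\n",
                bad.threw_range_error ? "range_error" : "no exception",
                bad.code_units.size());
    return 0;
}
```

Running this without sanitizers shows the five values from comment #7 for the complete range; the truncated range never produces 0x34b, which is the "last character is not present" observation, and on libstdc++ versions that reject partial input it throws instead. Whether LeakSanitizer then reports a leak depends, as comments #4 and #8 explain, on whether libstdc++'s codecvt.cc was compiled into the instrumented binary.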

[Bug sanitizer/81068] Sanitizer memory leak in codecvt_utf8

2017-09-19 Thread redi at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81068

--- Comment #4 from Jonathan Wakely  ---
The difference in results isn't very relevant. I'm pretty sure the reason for
the sanitizer errors is that libstdc++.so isn't instrumented by the sanitizers.
If you build libstdc++.so with UBsan you wouldn't get the errors (although last
time I tried, building libstdc++.so with UBsan isn't possible due to compiler
bugs).

[Bug sanitizer/81068] Sanitizer memory leak in codecvt_utf8

2017-09-19 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81068

Martin Liška  changed:

   What|Removed |Added

 CC||redi at gcc dot gnu.org

--- Comment #3 from Martin Liška  ---
Adding Jonathan, can you please take a look whether it's a valid or invalid
code?

[Bug sanitizer/81068] Sanitizer memory leak in codecvt_utf8

2017-09-19 Thread piotr.stachura at delphi dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81068

--- Comment #2 from Piotr Stachura  ---
I have to check it deeper.
I have 2 systems - one Gentoo and one Ubuntu.
On Ubuntu, the code is correct (as I posted in the bug report).
When I compile this same code on Gentoo (gcc-5.4.0 and gcc-7.2.0) I get the
same results as you: "terminate called after throwing an instance of
'std::range_error'".
Maybe locale settings are making a difference...
LANG=pl_PL.utf8 vs LANG=pl_PL.UTF-8

On Ubuntu:

valgrind ./1

==2581== Memcheck, a memory error detector
==2581== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==2581== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==2581== Command: ./1
==2581== 
==2581== 
==2581== HEAP SUMMARY:
==2581== in use at exit: 0 bytes in 0 blocks
==2581==   total heap usage: 3 allocs, 3 frees, 72,794 bytes allocated
==2581== 
==2581== All heap blocks were freed -- no leaks are possible
==2581== 
==2581== For counts of detected and suppressed errors, rerun with: -v
==2581== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 6.2.0-7ubuntu11'
--with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs
--enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-6 --program-prefix=x86_64-linux-gnu- --enable-shared
--enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext
--enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/
--enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie
--with-system-zlib --disable-browser-plugin --enable-java-awt=gtk
--enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre
--enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
--enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686
--with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib
--with-tune=generic --enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 6.2.0 20161018 (Ubuntu 6.2.0-7ubuntu11)

[Bug sanitizer/81068] Sanitizer memory leak in codecvt_utf8

2017-09-14 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81068

Martin Liška  changed:

   What|Removed |Added

 Status|UNCONFIRMED |WAITING
   Last reconfirmed||2017-09-14
 Ever confirmed|0   |1

--- Comment #1 from Martin Liška  ---
I would doubt w/ sanitizer one can have it working:

$ clang++ pr81068.cpp -std=c++11 && ./a.out 
terminate called after throwing an instance of 'std::range_error'
  what():  wstring_convert::from_bytes
Aborted (core dumped)

$ clang++ --version
clang version 4.0.1 (tags/RELEASE_401/final 305264)

$ g++ pr81068.cpp -std=c++11 && ./a.out 
terminate called after throwing an instance of 'std::range_error'
  what():  wstring_convert::from_bytes
Aborted (core dumped)

$ g++ --version
g++ (SUSE Linux) 7.1.1 20170802 [gcc-7-branch revision 250825]

$ valgrind ./a.out 
==18712== Memcheck, a memory error detector
==18712== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==18712== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==18712== Command: ./a.out
==18712== 
terminate called after throwing an instance of 'std::range_error'
  what():  wstring_convert::from_bytes
==18712== 
==18712== Process terminating with default action of signal 6 (SIGABRT):
dumping core
==18712==at 0x5758B30: raise (raise.c:51)
==18712==by 0x575A110: abort (abort.c:79)
==18712==by 0x4ED2234: __gnu_cxx::__verbose_terminate_handler() (in
/usr/lib64/libstdc++.so.6.0.24)
==18712==by 0x4ED0025: ??? (in /usr/lib64/libstdc++.so.6.0.24)
==18712==by 0x4ED0070: std::terminate() (in /usr/lib64/libstdc++.so.6.0.24)
==18712==by 0x4ED02B2: __cxa_throw (in /usr/lib64/libstdc++.so.6.0.24)
==18712==by 0x4EF89BE: std::__throw_range_error(char const*) (in
/usr/lib64/libstdc++.so.6.0.24)
==18712==by 0x401A16:
std::__cxx11::wstring_convert, char16_t, std::allocator, std::allocator
>::from_bytes(char const*, char const*) (in
/home/marxin/Programming/testcases/a.out)
==18712==by 0x40146C: main (in /home/marxin/Programming/testcases/a.out)

Can you please verify that it's valid code?