Hi!
This example will demonstrate 2 problems in mt_allocator.cc:
typedef __gnu_cxx::__mt_alloc<char> allocator_type;
typedef __gnu_cxx::__pool_base::_Tune tune_type;
allocator_type mt_char;
tune_type t(8, 40000, 8, (50000 - 4 * sizeof(void*)), 4096, 10,
false);
mt_char._M_set_options(t);
allocator_type::pointer pc = mt_char.allocate(40000);
First bug in __pool<..>::_M_initialize():
Binmap_type __bin_max = _M_options._M_min_bin; // not correct.
size_t __bin_max = _M_options._M_min_bin; // correct.
Second bug in __pool<..>::_M_reserve_block():
while (--__block_count > 0) // not correct because __block_count may be
equal 0(and size_t is unsigned)
{
__c += __bin_size;
__block->_M_next = reinterpret_cast<_Block_record*>(__c);
__block = __block->_M_next;
}
while (__block_count > 0) // correct
{
__c += __bin_size;
__block->_M_next = reinterpret_cast<_Block_record*>(__c);
__block = __block->_M_next;
--__block_count;
}
Best regards, dk.
