ahatanak marked an inline comment as done.
ahatanak added a comment.

I spent some time debugging the code and here is what I found.
The initial buffer size is 0 when strstreambuf is constructed and all six pointers are null initially. When the first character is pushed, strstreambuf::overflow allocates 4096B (which is the value of __default_alsize) and initializes the six pointers to the address of "buf". Then it bumps the current put character pointer (pptr). The other five pointers don't change.

strstreambuf::overflow gets called 4095 more times and pptr is incremented every time. No new memory blocks are allocated while this happens because pptr() != epptr() after the first character is pushed. It seems that std::ends does get written to the right location (meaning buf+4096).

I'm thinking ASAN doesn't catch this as an out-of-bounds write because I'm using a libc++ that is not instrumented. It catches the out-of-bounds read because the call to strlen is intercepted (wrap_strlen is called).

http://reviews.llvm.org/D20334

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
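The pointer dance described in the comment (first put allocates the default block and sets pbase/pptr/epptr, later puts only bump pptr until pptr() == epptr()) is easiest to see in a minimal growable streambuf. The following is an added example written for this thread, not libc++'s strstreambuf or any code from the review; GrowBuf, kDefaultAlsize and terminator_index_after are hypothetical names, and the point is that overflow() must grow the buffer before storing the character that did not fit, so the terminator std::ends writes after 4096 characters lands inside the allocation rather than one past it.

```cpp
#include <cstddef>
#include <streambuf>
#include <vector>

// Hypothetical growable output streambuf for this example (not libc++'s strstreambuf).
// Mirrors the mechanics in the comment: the first put allocates kDefaultAlsize bytes
// and sets pbase/pptr/epptr; subsequent puts only bump pptr until pptr() == epptr().
class GrowBuf : public std::streambuf {
public:
    static constexpr std::size_t kDefaultAlsize = 4096;  // same default size as __default_alsize

    std::size_t capacity() const { return buf_.size(); }
    std::size_t size() const { return static_cast<std::size_t>(pptr() - pbase()); }
    const char* data() const { return buf_.data(); }

protected:
    // Called only when pptr() == epptr(): grow first, then store the pending character.
    int_type overflow(int_type ch) override {
        if (traits_type::eq_int_type(ch, traits_type::eof())) return traits_type::not_eof(ch);
        std::size_t used = size();
        std::size_t new_cap = buf_.empty() ? kDefaultAlsize : buf_.size() * 2;
        buf_.resize(new_cap);  // storage may move, so the put pointers are reset below
        setp(buf_.data(), buf_.data() + buf_.size());
        pbump(static_cast<int>(used));
        *pptr() = traits_type::to_char_type(ch);  // the character that triggered growth
        pbump(1);
        return ch;
    }

private:
    std::vector<char> buf_;
};

// Writes n copies of 'x' followed by a '\0' (what std::ends emits) and returns the
// index of the terminator, or -1 if it would have landed outside the allocation.
long terminator_index_after(std::size_t n) {
    GrowBuf gb;
    for (std::size_t i = 0; i < n; ++i) gb.sputc('x');
    gb.sputc('\0');
    std::size_t idx = gb.size() - 1;
    return (idx < gb.capacity() && gb.data()[idx] == '\0') ? static_cast<long>(idx) : -1;
}
```

With exactly 4096 characters written, the terminator is the 4097th put, so overflow() runs a second time and the '\0' ends up at index 4096 of a buffer that has grown to 8192 bytes.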