This example will demonstrate 2 problems in mt_allocator.cc:
----------------
typedef __gnu_cxx::__mt_alloc<char> allocator_type;
typedef __gnu_cxx::__pool_base::_Tune tune_type;
allocator_type mt_char;
tune_type t(8, 40000, 8, (50000 - 4 * sizeof(void*)), 4096, 10, false);
mt_char._M_set_options(t);
allocator_type::pointer pc = mt_char.allocate(40000);
----------------
First bug in __pool<..>::_M_initialize():
Binmap_type __bin_max = _M_options._M_min_bin; // not correct.
size_t __bin_max = _M_options._M_min_bin; // correct.
Second bug in __pool<..>::_M_reserve_block():
while (--__block_count > 0) // not correct because __block_count may be equal
0(and size_t is unsigned)
{
__c += __bin_size;
__block->_M_next = reinterpret_cast<_Block_record*>(__c);
__block = __block->_M_next;
}
while (__block_count > 0) // correct
{
__c += __bin_size;
__block->_M_next = reinterpret_cast<_Block_record*>(__c);
__block = __block->_M_next;
--__block_count;
}
--
Summary: bugs in mt_allocator
Product: gcc
Version: 4.1.1
Status: UNCONFIRMED
Severity: critical
Priority: P3
Component: c++
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: random at adriver dot ru
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29179
