http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48917

           Summary: istringstream with integer overflow causes
                    uninitialised memory accesses
           Product: gcc
           Version: 4.2.1
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: libstdc++
        AssignedTo: unassig...@gcc.gnu.org
        ReportedBy: r...@astro.princeton.edu


Created attachment 24200
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24200
Source code to reproduce the problem

The attached program, if run on a machine with 32-bit ints (e.g. my MacBook
Pro, but also Linux boxes), causes valgrind to report memory problems.  The
problem is avoided by declaring n long if sizeof(long) == 8, which suggests an
overflow issue.

N.b. while the g++ version is 4.2.1, the libstdc++ appears to be 6.0.9

Run as
g++ -o badFormat badFormat.cc -Wall -g && valgrind badFormat

(N.b. the error persists compiling with clang++, but using libstdc++)

Errors:
g++ -o badFormat badFormat.cc -Wall -g && valgrind badFormat
==14920== Memcheck, a memory error detector
==14920== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==14920== Using Valgrind-3.7.0.SVN and LibVEX; rerun with -h for copyright info
==14920== Command: badFormat
==14920== 
==14920== Conditional jump or move depends on uninitialised value(s)
==14920==    at 0x10004632E: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x100000B9D: main (badFormat.cc:8)
==14920== 
==14920== Use of uninitialised value of size 8
==14920==    at 0x10003F3E0: int std::__int_to_char<char, unsigned long>(char*,
unsigned long, char const*, std::_Ios_Fmtflags, bool) (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x100046358: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x100000B9D: main (badFormat.cc:8)
==14920== 
==14920== Conditional jump or move depends on uninitialised value(s)
==14920==    at 0x10003F3EE: int std::__int_to_char<char, unsigned long>(char*,
unsigned long, char const*, std::_Ios_Fmtflags, bool) (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x100046358: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x100000B9D: main (badFormat.cc:8)
==14920== 
==14920== Conditional jump or move depends on uninitialised value(s)
==14920==    at 0x1000463C1: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x100000B9D: main (badFormat.cc:8)
==14920== 
==14920== Conditional jump or move depends on uninitialised value(s)
==14920==    at 0x1000463D6: std::ostreambuf_iterator<char,
std::char_traits<char> > std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::_M_insert_int<long>(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x1000464F4: std::num_put<char, std::ostreambuf_iterator<char,
std::char_traits<char> > >::do_put(std::ostreambuf_iterator<char,
std::char_traits<char> >, std::ios_base&, char, long) const (in
/usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x10004D257: std::ostream& std::ostream::_M_insert<long>(long)
(in /usr/lib/libstdc++.6.0.9.dylib)
==14920==    by 0x100000B9D: main (badFormat.cc:8)
==14920== 
0
==14920== 
==14920== HEAP SUMMARY:
==14920==     in use at exit: 4,184 bytes in 2 blocks
==14920==   total heap usage: 4 allocs, 2 frees, 4,256 bytes allocated
==14920== 
==14920== LEAK SUMMARY:
==14920==    definitely lost: 0 bytes in 0 blocks
==14920==    indirectly lost: 0 bytes in 0 blocks
==14920==      possibly lost: 0 bytes in 0 blocks
==14920==    still reachable: 4,184 bytes in 2 blocks
==14920==         suppressed: 0 bytes in 0 blocks
==14920== Rerun with --leak-check=full to see details of leaked memory
==14920== 
==14920== For counts of detected and suppressed errors, rerun with: -v
==14920== Use --track-origins=yes to see where uninitialised values come from
==14920== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
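The attachment itself is not on this page, so the following is an added example (not the reporter's badFormat.cc) that reconstructs the pattern the report describes and puts a hardened parse beside it. It assumes a 32-bit int, and the names naive_parse, checked_parse_int, parse_or, naive_fails and overflow_input are hypothetical. Pre-C++11 libstdc++ left the destination untouched when the number did not fit, so a caller who ignored the stream state went on to print whatever was in the variable (the uninitialised reads valgrind flags above); C++11 and later store the nearest representable value and set failbit. In both cases the fix is the same: initialise the target and check fail() before using the result.

```cpp
// Added example for the istringstream overflow report above; not the
// attachment from the bug. Assumes int is 32 bits (names are hypothetical).
#include <climits>
#include <iostream>
#include <sstream>
#include <string>

// Constructed input: one past INT_MAX, so it cannot be represented in an int.
std::string overflow_input() {
    return std::to_string(static_cast<long long>(INT_MAX) + 1);
}

// The pattern from the report: extract straight into an int. Pre-C++11
// libstdc++ left `n` untouched on overflow, so a caller that ignores the
// return value and prints `n` reads uninitialised memory. Newer libraries set
// failbit and clamp the value; either way fail() must be checked.
bool naive_parse(const std::string& text, int& n) {
    std::istringstream iss(text);
    iss >> n;
    return !iss.fail();
}

// Hardened parse: the target is always written, the digits are read into a
// wider type and range-checked, and trailing junk is rejected.
bool checked_parse_int(const std::string& text, int& out) {
    out = 0;                                  // never hand the caller garbage
    std::istringstream iss(text);
    long long wide = 0;
    iss >> wide;
    if (iss.fail()) return false;             // not a number, or too big even for long long
    char trailing;
    if (iss >> trailing) return false;        // e.g. "123abc" (trailing whitespace is fine)
    if (wide < INT_MIN || wide > INT_MAX) return false;  // fits long long but not int
    out = static_cast<int>(wide);
    return true;
}

// Convenience wrapper: the parsed value, or `fallback` on any failure.
int parse_or(const std::string& text, int fallback) {
    int v;
    return checked_parse_int(text, v) ? v : fallback;
}

// True when the naive extraction reports failure for this input.
bool naive_fails(const std::string& text) {
    int n = 0;
    return !naive_parse(text, n);
}

int main() {
    int n = -1;   // initialised so the demo does not itself read garbage
    bool ok = naive_parse(overflow_input(), n);
    std::cout << "naive: ok=" << ok << " n=" << n << '\n';
    std::cout << "checked(" << overflow_input() << "): " << parse_or(overflow_input(), -1) << '\n';
    std::cout << "checked(12345): " << parse_or("12345", -1) << '\n';
    return 0;
}
```

Reading into long long first is what lets the range check distinguish "fits in int" from "fits only in long long"; input that overflows even long long is caught by failbit. The valgrind run in the report is still the right tool for spotting the naive pattern in existing code, since the compiler will not warn about a variable that is only conditionally assigned by a library call.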
