https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98001

            Bug ID: 98001
           Summary: ext/stdio_filebuf/char/79820.cc is broken
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: rguenth at gcc dot gnu.org
  Target Milestone: ---

The testcase reliably segfaults for me when run with
MALLOC_PERTURB_=69 MALLOC_CHECK_=3 in the environment. It then segfaults
doing

    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff74ec5bb in fflush () from /lib64/libc.so.6
    (gdb) up
    #1  0x00007ffff7b06175 in std::__basic_file<char>::sys_open (
        this=this@entry=0x7fffffffe678, __file=__file@entry=0x614c20)
        at basic_file.cc:202
    202           __err = fflush(__file);
    (gdb) l
    197       {
    198         int __err, __save_errno = errno;
    199         // POSIX guarantees that fflush sets errno on error, but C doesn't.
    200         errno = 0;
    201         do
    202           __err = fflush(__file);
    203         while (__err && errno == EINTR);

The testcase passes a FILE * that has been fclosed() to the
__gnu_cxx::stdio_filebuf<char> CTOR which then invokes fflush on it.

fclose() is documented as

    RETURN VALUE
           Upon successful completion, 0 is returned. Otherwise, EOF is
           returned and errno is set to indicate the error. In either case,
           any further access (including another call to fclose()) to the
           stream results in undefined behavior.

So the testcase invokes undefined behavior. I don't think there's any way
to query whether a FILE * is valid or not for the standard library.
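
Added example, not part of the original report and not libstdc++ code: because the C library gives no way to ask whether a FILE * is still valid, the caller has to track that itself. The sketch uses a hypothetical OwnedFile wrapper and checked_flush helper (both names invented here) that reuse the flush loop from the listing above but refuse a closed handle; restoring errno after a successful flush is an assumption of the example.

```cpp
#include <cerrno>
#include <cstdio>

// Hypothetical owning handle (not a libstdc++ type): the only code that calls
// fclose(), so it can answer "was this closed?" where the C library cannot.
class OwnedFile {
public:
    explicit OwnedFile(std::FILE* f) noexcept : f_(f) {}
    OwnedFile(const OwnedFile&) = delete;
    OwnedFile& operator=(const OwnedFile&) = delete;
    ~OwnedFile() { close(); }
    // Forget the pointer first: after fclose() it is dead, success or not.
    int close() noexcept {
        std::FILE* dead = f_;
        f_ = nullptr;
        return dead ? std::fclose(dead) : 0;
    }
    bool is_open() const noexcept { return f_ != nullptr; }
    std::FILE* get() const noexcept { return f_; }
private:
    std::FILE* f_;
};

// Same retry-on-EINTR flush loop as the sys_open listing, but a closed handle
// is rejected with EBADF instead of reaching fflush().
int checked_flush(const OwnedFile& h) noexcept {
    if (!h.is_open()) { errno = EBADF; return -1; }
    int err, save_errno = errno;
    errno = 0;
    do
        err = std::fflush(h.get());
    while (err && errno == EINTR);
    if (!err) errno = save_errno;  // assumption of this example: restore on success
    return err ? -1 : 0;
}

// Constructed scenarios: flush a live temporary stream, then a closed one.
bool open_flush_keeps_errno() {
    OwnedFile h(std::tmpfile());
    if (h.is_open()) std::fputs("x", h.get());
    errno = 127;
    return checked_flush(h) == 0 && errno == 127;
}
bool closed_flush_is_rejected() {
    OwnedFile h(std::tmpfile());
    h.close();
    return checked_flush(h) == -1 && errno == EBADF;
}

int main() { return open_flush_keeps_errno() && closed_flush_is_rejected() ? 0 : 1; }
```

A test that wants to exercise an error path can feed such a wrapper a closed handle and check the EBADF result, without ever dereferencing the stale stream.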