[Bug libstdc++/31368] New: basic_string and unsigned short leads to memory fault

[gregoryk at edifecs dot com]

Main application dynamically loads shared library and uses function from
library to fill out string. If basic_string or basic_string are
used then no problem observed. In case of basic_string
application aborts (MALLOC_CHECK_=2) with message 

*** glibc detected *** free(): invalid pointer: 0x005015c0 ***
Aborted

gdb shows stack trace:

#0  0x003a79d2e2ed in raise () from /lib64/tls/libc.so.6
#1  0x003a79d2fa3e in abort () from /lib64/tls/libc.so.6
#2  0x003a79d62db1 in __libc_message () from /lib64/tls/libc.so.6
#3  0x003a79d6888e in _int_free () from /lib64/tls/libc.so.6
#4  0x003a79d68bd6 in free () from /lib64/tls/libc.so.6
#5  0x003a7ceae19e in operator delete () from /usr/lib64/libstdc++.so.6
#6  0x002a95579665 in __gnu_cxx::new_allocator::deallocate () from
./libloader.so
#7  0x002a9557954b in std::basic_string, std::allocator
>::_Rep::_M_destroy () from ./libloader.so
#8  0x002a9557908c in std::basic_string, std::allocator
>::_Rep::_M_dispose () from ./libloader.so
#9  0x002a95578e3e in std::basic_string, std::allocator >::reserve ()
   from ./libloader.so
#10 0x002a95578cef in std::basic_string, std::allocator >::append ()
   from ./libloader.so
#11 0x002a95578c63 in std::basic_string, std::allocator >::append ()
   from ./libloader.so
#12 0x002a95578c38 in read_string () from ./libloader.so
#13 0x00400860 in main ()

The "workaround" is to add reserve(1) before passing string to function. In
this case there is no abort. 

Why the behavior is different? Where is the problem?

Source code:

main.cpp
//-
#include 
#include 
#include "loader.h"

typedef void *pfLoader(std::ustring&);

int main(int argc, char* argv[])
{
void * libHandle = dlopen("libloader.so", RTLD_NOW|RTLD_GLOBAL);
pfLoader* pF = (pfLoader*)dlsym(libHandle, "read_string");

std::ustring s;
//  s.reserve(1);   // uncomment this line to prevent abort
pF(s);
return 0;
}
//-

loader.h
//-
#ifndef _LOADER_INCLUDED_
#define _LOADER_INCLUDED_

typedef unsigned short USHORT;

namespace std
{
typedef std::basic_string,
std::allocator > ustring;
}

extern "C" void read_string(std::ustring& sValue);

#endif // _RUNNER_INCLUDED_
//-

loader.cpp
//-
#include 
#include "loader.h"

const USHORT _sV [] = {'T','e','s','t','\0'};

void read_string(std::ustring& sValue)
{
sValue.append(_sV);
}
//-

Build commands:
main:  g++ -o main -I. -ldl main.cpp
lib:   g++ -Wl,-E -fPIC -I. -shared -o libloader.so loader.cpp

Version infos:
OS: 
Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
Kernel \r on an \m

g++:
Reading specs from /usr/lib/gcc/x86_64-redhat-linux/3.4.5/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--disable-checking --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-java-awt=gtk --host=x86_64-redhat-linux
Thread model: posix
gcc version 3.4.5 20051201 (Red Hat 3.4.5-2)

glibc: 3.4


-- 
   Summary: basic_string and unsigned short leads to memory fault
   Product: gcc
   Version: 3.4.5
Status: UNCONFIRMED
  Severity: normal
      Priority: P3
 Component: libstdc++
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: gregoryk at edifecs dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31368

[Bug libstdc++/31368] basic_string and unsigned short leads to memory fault

[gregoryk at edifecs dot com]

--- Comment #2 from gregoryk at edifecs dot com  2007-03-26 22:28 ---
Though the problem from bug 25956 looks same the instantiating didn't help.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31368

[Bug libstdc++/31368] basic_string and unsigned short leads to memory fault

[gregoryk at edifecs dot com]

--- Comment #4 from gregoryk at edifecs dot com  2007-03-26 23:13 ---
Ok. Can I help you somehow?


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31368

[Bug libstdc++/31368] basic_string and unsigned short leads to memory fault

[gregoryk at edifecs dot com]

--- Comment #7 from gregoryk at edifecs dot com  2007-03-27 18:20 ---
Unfortunately I do not have possibility to run my test case using latest GCC
compiler. I’m limited in hardware and software choice. Besides I’m not sure
what do you mean “to fix testcase”. If you could fix it then it will be
accepted in any way by me. 


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31368

[Bug libstdc++/31368] basic_string and unsigned short leads to memory fault

[gregoryk at edifecs dot com]

--- Comment #10 from gregoryk at edifecs dot com  2007-03-27 18:39 ---
Got it, thanks. In may original test I was relaying on LD_LIBRARY_PATH to have
current folder in the values. And there was no checking of dlopen result for
simplicity. Here is updated code. It will search for libloader.so in current
folder.

#include 
#include 
#include "loader.h"

typedef void *pfLoader(std::ustring&);

int main(int argc, char* argv[])
{
void * libHandle = dlopen("./libloader.so", RTLD_NOW|RTLD_GLOBAL);

if (0 == libHandle)
{
printf("Can not load \"./libloader.so\".\n");
return 1;
}

pfLoader* pF = (pfLoader*)dlsym(libHandle, "read_string");

if (0 == pF)
{
printf("Can not find function \"read_string\" in
libloader.so\n");
return 2;
}

std::ustring s;
//  s.reserve(1);   // uncomment this line to prevent abort
pF(s);
return 0;
}


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31368

[Bug libstdc++/31368] basic_string and unsigned short leads to memory fault

[gregoryk at edifecs dot com]

--- Comment #11 from gregoryk at edifecs dot com  2007-03-27 18:40 ---
Forgot to mention, that was main.cpp code.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31368

[Bug libstdc++/31368] basic_string and unsigned short leads to memory fault

[gregoryk at edifecs dot com]

--- Comment #14 from gregoryk at edifecs dot com  2007-03-27 19:51 ---
Thank you for info. The sample is working now with
_GLIBCXX_FULLY_DYNAMIC_STRING turned on. What is the next procedure with bug
status? For me bug can be marked as FIXED. 

Regarding portability. We use unsigned short strings on more then 6 platforms
and would like to continue this way. We use custom implementation of
char_traits where it is not available. And looking on migration
on Xerces STL as a common solution for all platforms (yes, it is not easy but
worth to try).


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31368