[Bug c++/68073] New: free(): invalid pointer errors with short strings using _GLIBCXX_USE_CXX11_ABI=1
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68073

Bug ID: 68073
Summary: free(): invalid pointer errors with short strings using _GLIBCXX_USE_CXX11_ABI=1
Product: gcc
Version: 5.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: nikola.kovacs at gmail dot com
Target Milestone: ---

Created attachment 36569
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36569&action=edit
testcases

Download mapnik from here: https://github.com/mapnik/mapnik
At least v3.0.3 and v3.0.7 are affected. A few include files are needed, but you do not need to compile it.

I've attached a tar.gz with various testcases, the .ii files, and a shell script to run them all.

All of them work with -D_GLIBCXX_USE_CXX11_ABI=0.

With -D_GLIBCXX_USE_CXX11_ABI=1:

test1 and test2 are the same except for the length of the string. test1 (short string) crashes, test2 does not.

test3 and test4 are the same except for the length of the string. test3 (short string) crashes, test4 does not.

test5, test6 and test7 are the same except for the length of the string. All three crash, but the error message is random: sometimes munmap_chunk(): invalid pointer, sometimes just Segmentation fault (core dumped).

I'm using Ubuntu 15.10 x86_64 and g++ version is g++ (Ubuntu 5.2.1-22ubuntu2) 5.2.1 20151010.

I also tried the first test with the 5.2.1 20151013 snapshot, and it also had this issue.

Here's the original mapnik bug report: https://github.com/mapnik/mapnik/issues/3090
[Bug c++/68073] free(): invalid pointer errors with short strings using _GLIBCXX_USE_CXX11_ABI=1
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68073

--- Comment #2 from nikola.kovacs at gmail dot com ---
It's not my code, I'm just trying to make it work.

The problem is it creates a new string into data, which is std::aligned_storage:

    new (&data) target_type(std::forward<T>(val));

If the string is long, it has to be freed, otherwise there's a memory leak.

The documentation for std::aligned_storage says it has to be destroyed with explicit destructor calls: http://en.cppreference.com/w/cpp/types/aligned_storage

But it also says that only POD types can be used, and std::string isn't one. So that's the problem, right?
[Bug c++/68073] free(): invalid pointer errors with short strings using _GLIBCXX_USE_CXX11_ABI=1
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68073

--- Comment #3 from nikola.kovacs at gmail dot com ---
Never mind, I misread the documentation.

It looks like something else is causing the problem, since this works fine, and it calls the destructor directly:

(modified example from http://en.cppreference.com/w/cpp/types/aligned_storage)

    #include <iostream>
    #include <new>
    #include <string>
    #include <type_traits>
    #include <utility>

    template<class T>
    class static_holder
    {
        // properly aligned, uninitialized storage for one T
        typename std::aligned_storage<sizeof(T), alignof(T)>::type data;
        bool allocated = false;

    public:
        template<typename... Args> void put(Args&&... args)
        {
            // destroy the previous object before constructing a new one in place
            if (allocated) {
                reinterpret_cast<T*>(&data)->~T();
            }
            new(&data) T(std::forward<Args>(args)...);
            allocated = true;
        }

        const T& get() const
        {
            return *reinterpret_cast<const T*>(&data);
        }

        ~static_holder()
        {
            // only destroy an object that was actually constructed
            if (allocated) {
                reinterpret_cast<T*>(&data)->~T();
            }
        }
    };

    int main()
    {
        static_holder<std::string> v1;
        static_holder<std::string> v2;
        v1.put("foo");
        v1.put("bar");
        v2.put("foobarbazasdfdafsdfadasdfasdf");
        v2.put("x");
        std::cout << v1.get() << '\n';
        std::cout << v2.get() << '\n';
    }
[Bug c++/68073] free(): invalid pointer errors with short strings using _GLIBCXX_USE_CXX11_ABI=1
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68073

--- Comment #4 from nikola.kovacs at gmail dot com ---
(sorry for the triple post)

I figured it out, it was caused by swap operating on std::aligned_storage, so it didn't properly swap the string.
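
An added example, not part of the bug report or of mapnik's code, of the cause named in comment #4: with the C++11 ABI a short std::string keeps its characters in a buffer inside the object and points at that buffer, so exchanging the raw bytes of two aligned_storage buffers leaves each string pointing into the other object. The `holder`, `raw_swap_safe` and `stored_inline` names are hypothetical; the block shows a typed swap and a compile-time guard against the raw one.

```cpp
#include <cstdint>
#include <iostream>
#include <new>
#include <string>
#include <type_traits>
#include <utility>

// Hypothetical holder for this example; the names are not mapnik's.
template <class T>
class holder {
    typename std::aligned_storage<sizeof(T), alignof(T)>::type data;
    T* ptr() { return reinterpret_cast<T*>(&data); }
public:
    explicit holder(T v) { new (&data) T(std::move(v)); }
    holder(const holder&) = delete;
    holder& operator=(const holder&) = delete;
    ~holder() { ptr()->~T(); }
    const T& get() const { return *reinterpret_cast<const T*>(&data); }

    // Broken pattern: std::swap(data, other.data) exchanges raw bytes, which is
    // only valid for trivially copyable T. Swap the live objects instead.
    void swap(holder& other) {
        using std::swap;
        swap(*ptr(), *other.ptr());
    }
};

// Compile-time guard: may the bytes of a T be swapped without calling T's code?
template <class T>
constexpr bool raw_swap_safe() { return std::is_trivially_copyable<T>::value; }

// True when the characters live inside the string object itself (small-string
// buffer), so the object holds a pointer into its own storage.
bool stored_inline(const std::string& s) {
    auto p = reinterpret_cast<std::uintptr_t>(s.data());
    auto b = reinterpret_cast<std::uintptr_t>(&s);
    return p >= b && p < b + sizeof(std::string);
}

int main() {
    holder<std::string> a("x"), b("foobarbazasdfdafsdfadasdfasdf");
    std::cout << "short inline: " << stored_inline(a.get())
              << ", long inline: " << stored_inline(b.get()) << '\n';
    a.swap(b);
    std::cout << a.get() << ' ' << b.get() << '\n';
    static_assert(!raw_swap_safe<std::string>(), "std::string needs a typed swap");
}
```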