Is this a programming error, or a compiler error..


Is this a programming error, or a compiler error..

Willem Jan Withagen-2
Hi,

I'm getting a crash in a Ceph test program in the following piece of code:

struct entity_addrvec_t {
   vector<entity_addr_t> v;
.....
   entity_addr_t legacy_addr() const {
     for (auto& a : v) {
       if (a.type == entity_addr_t::TYPE_LEGACY) {
         return a;
       }
     }
     return entity_addr_t();
   }
......

Where the loop is taken, even if v.size() == 0.
So v content is pointing to random memory and iterating over the next
pointer results in a crash.

I would expect the loop not to be executed....

--WjW

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-toolchain
To unsubscribe, send any mail to "[hidden email]"

Re: Is this a programming error, or a compiler error..

Dimitry Andric-4
On 13 Mar 2019, at 12:57, Willem Jan Withagen <[hidden email]> wrote:

>
> I'm getting a crash in a Ceph test program in the following piece of code:
>
> struct entity_addrvec_t {
>   vector<entity_addr_t> v;
> .....
>   entity_addr_t legacy_addr() const {
>     for (auto& a : v) {
>       if (a.type == entity_addr_t::TYPE_LEGACY) {
>         return a;
>       }
>     }
>     return entity_addr_t();
>   }
> ......
>
> Where the loop is taken, even if v.size() == 0.
> So v content is pointing to random memory and iterating over the next pointer results in a crash.
This can happen when the vector is invalidated, due to either it, or its
parent object having been moved from.  Maybe run this under valgrind or
AddressSanitizer, that should give some more clues.

-Dimitry



Re: Is this a programming error, or a compiler error..

Willem Jan Withagen-2
On 13-3-2019 13:17, Dimitry Andric wrote:

> On 13 Mar 2019, at 12:57, Willem Jan Withagen <[hidden email]> wrote:
>> I'm getting a crash in a Ceph test program in the following piece of code:
>>
>> struct entity_addrvec_t {
>>    vector<entity_addr_t> v;
>> .....
>>    entity_addr_t legacy_addr() const {
>>      for (auto& a : v) {
>>        if (a.type == entity_addr_t::TYPE_LEGACY) {
>>          return a;
>>        }
>>      }
>>      return entity_addr_t();
>>    }
>> ......
>>
>> Where the loop is taken, even if v.size() == 0.
>> So v content is pointing to random memory and iterating over the next pointer results in a crash.
> This can happen when the vector is invalidated, due to either it, or its
> parent object having been moved from.  Maybe run this under valgrind or
> AddressSanitizer, that should give some more clues.

Would be new tricks for me... I'll look into it.
Prefixing the loop with `if (!empty())` fixes the runtime problem, and
this is a single-threaded program.
So there is no other thread here that could work on the vector and
corrupt it while looping over it.

--WjW
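Dimitry's explanation above and the `if (!empty())` workaround in the last reply, illustrated with added C++ that is not Ceph's code (the entity_addr_t layout and the TYPE_* values are assumed): a valid std::vector, even a moved-from one, never enters the range-for body when it is empty, so a loop that runs with size() == 0 means the object itself is no longer alive, which is what AddressSanitizer or valgrind will point at and what the empty() guard only hides.

```cpp
// Added example, not the Ceph code from the thread: a minimal stand-in for
// entity_addr_t / entity_addrvec_t (field names and TYPE_* values assumed).
#include <cstddef>
#include <utility>
#include <vector>

struct entity_addr_t {
  enum { TYPE_NONE = 0, TYPE_LEGACY = 1, TYPE_MSGR2 = 2 };
  int type = TYPE_NONE;
  int port = 0;
};

struct entity_addrvec_t {
  std::vector<entity_addr_t> v;
  // Same shape as legacy_addr() in the thread, plus a counter of loop-body runs.
  entity_addr_t legacy_addr(std::size_t* iterations = nullptr) const {
    for (auto& a : v) {
      if (iterations) ++*iterations;
      if (a.type == entity_addr_t::TYPE_LEGACY) return a;
    }
    return entity_addr_t();
  }
};

// Valid, empty vector: begin() == end(), so the body never runs. Returns 0.
std::size_t iterations_on_empty() {
  entity_addrvec_t av;
  std::size_t n = 0;
  av.legacy_addr(&n);
  return n;
}

// Non-empty vector: the first TYPE_LEGACY entry is returned. Returns 6789.
int legacy_port_found() {
  entity_addrvec_t av;
  av.v.push_back({entity_addr_t::TYPE_MSGR2, 3300});
  av.v.push_back({entity_addr_t::TYPE_LEGACY, 6789});
  return av.legacy_addr().port;
}

// Moved-from vector: std::move leaves the source valid (empty in libc++ and
// libstdc++), so even a moved-from object skips the loop. The crash in the
// thread therefore needs an object whose lifetime has already ended.
bool moved_from_is_safe() {
  entity_addrvec_t src;
  src.v.push_back({entity_addr_t::TYPE_LEGACY, 6789});
  entity_addrvec_t dst = std::move(src);
  std::size_t n = 0;
  bool src_default = src.legacy_addr(&n).type == entity_addr_t::TYPE_NONE;
  return src.v.empty() && src_default && n == 0 && dst.legacy_addr().port == 6789;
}
```

Build the real test program with `-fsanitize=address -g` and the report will name the allocation or scope whose lifetime ended before legacy_addr() was called.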
