[Bug libstdc++/59391] std::sort will go out of std::vector bounds and crash

2013-12-08 Thread awwafa at gmail dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59391

--- Comment #3 from Ahmed Wafa awwafa at gmail dot com ---
Yes, it works fine for 4.9 and 4.8.2. I can see that the fix for Bug 58437 takes
care of this problem. This now can be closed, not as a duplicate, but as
indirectly fixed.


[Bug libstdc++/59391] New: std::sort will go out of std::vector bounds and crash

2013-12-04 Thread awwafa at gmail dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59391

Bug ID: 59391
   Summary: std::sort will go out of std::vector bounds and crash
   Product: gcc
   Version: 4.4.6
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: libstdc++
  Assignee: unassigned at gcc dot gnu.org
  Reporter: awwafa at gmail dot com

$ gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla
--enable-bootstrap --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-gnu-unique-object
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk
--disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre
--enable-libgcj-multifile --enable-java-maintainer-mode
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib
--with-ppl --with-cloog --with-tune=generic --with-arch_32=i686
--build=x86_64-redhat-linux
Thread model: posix
gcc version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC)

--- gcc switches used -
g++  -o sort_test.o  -c sort_test.cxx
g++  -o sort_test  sort_test.o

 sort_test.cxx-
#include <algorithm>
#include <vector>

bool compare_val(int* a, int* b) {
   if (*a <= *b) return true;
   return false;
}
int main (void) {

  const int int_array[] = {12, 13, 2, 2, 6, 7, 12, 2, 10, 11, 16, 5, 5, 2, 16,
7, 6, 16, 14, 5, 10, 9, 14, 3, 7, 15, 14, 6, 2, 1, 11, 13, 14, 12, 15, 4, 3,
11, 5, 12, 5, 5, 1, 9, 6, 16, 15, 11, 16, 13, 15, 10, 6, 13, 13, 12, 11, 10, 1,
13, 11, 11, 10, 9, 7, 8, 12, 10, 2};

   std::vector<int*> my_vec;
   int length = sizeof(int_array)/sizeof(int);
   for(int i=0; i < length; ++i) {
      int *int_ptr = new int;
      *int_ptr = int_array[i];
      my_vec.push_back(int_ptr);
   }
   std::sort(my_vec.begin(), my_vec.end(), compare_val);
}
 sort_test.cxx-


 Valgrind output -
==20061== Memcheck, a memory error detector
==20061== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==20061== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==20061== Command: ./sort_test
==20061== 
==20061== Invalid read of size 8
==20061==    at 0x40159E: __gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >
std::__unguarded_partition<__gnu_cxx::__normal_iterator<int**,
std::vector<int*, std::allocator<int*> > >, int*, bool (*)(int*,
int*)>(__gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >, __gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >, int*, bool (*)(int*, int*)) (in
/home/awafa/tmp/std_sort_crash/sort_test)
==20061==    by 0x4010B8: void
std::__introsort_loop<__gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >, long, bool (*)(int*,
int*)>(__gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >, __gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >, long, bool (*)(int*, int*)) (in
/home/awafa/tmp/std_sort_crash/sort_test)
==20061==    by 0x400B08: void std::sort<__gnu_cxx::__normal_iterator<int**,
std::vector<int*, std::allocator<int*> > >, bool (*)(int*,
int*)>(__gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >, __gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >, bool (*)(int*, int*)) (in
/home/awafa/tmp/std_sort_crash/sort_test)
==20061==    by 0x40092A: main (in /home/awafa/tmp/std_sort_crash/sort_test)
==20061==  Address 0x4a33a48 is 8 bytes before a block of size 1,024 alloc'd
==20061==    at 0x490459B: operator new(unsigned long)
(vg_replace_malloc.c:220)
==20061==    by 0x401844: __gnu_cxx::new_allocator<int*>::allocate(unsigned
long, void const*) (in /home/awafa/tmp/std_sort_crash/sort_test)
==20061==    by 0x4012C9: std::_Vector_base<int*, std::allocator<int*>
>::_M_allocate(unsigned long) (in /home/awafa/tmp/std_sort_crash/sort_test)
==20061==    by 0x400D5A: std::vector<int*, std::allocator<int*>
>::_M_insert_aux(__gnu_cxx::__normal_iterator<int**, std::vector<int*,
std::allocator<int*> > >, int* const) (in
/home/awafa/tmp/std_sort_crash/sort_test)
==20061==    by 0x400A73: std::vector<int*, std::allocator<int*>
>::push_back(int* const) (in /home/awafa/tmp/std_sort_crash/sort_test)
==20061==    by 0x4008E1: main (in /home/awafa/tmp/std_sort_crash/sort_test)


[Bug libstdc++/59391] std::sort will go out of std::vector bounds and crash

2013-12-04 Thread awwafa at gmail dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59391

--- Comment #1 from Ahmed Wafa awwafa at gmail dot com ---
// The following is the shortest array that will reproduce that problem
const int int_array[] = {1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2};
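
An added example, not part of the bug report or of libstdc++: std::sort requires its comparator to be a strict weak ordering, and the brute-force check below tests the `<=` comparator shape from sort_test.cxx against that requirement on the array from comment #1, next to a strict `<` form. The names `compare_le`, `compare_lt`, `is_strict_weak_ordering` and the wrapper functions are hypothetical; std::sort is only called with the comparator that passes the check.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Comparator shape from the report: "<=" is true for equal elements.
bool compare_le(const int* a, const int* b) { return *a <= *b; }
// Strict "<" form, which meets the std::sort comparator requirements.
bool compare_lt(const int* a, const int* b) { return *a < *b; }

// Brute-force strict-weak-ordering check over a sample (O(n^3), test use only).
template <typename T, typename Cmp>
bool is_strict_weak_ordering(const std::vector<T>& v, Cmp comp) {
    const std::size_t n = v.size();
    for (std::size_t i = 0; i < n; ++i) {
        if (comp(v[i], v[i])) return false;                 // irreflexivity
        for (std::size_t j = 0; j < n; ++j) {
            const bool ij = comp(v[i], v[j]), ji = comp(v[j], v[i]);
            if (ij && ji) return false;                     // asymmetry
            for (std::size_t k = 0; k < n; ++k) {
                const bool jk = comp(v[j], v[k]), kj = comp(v[k], v[j]);
                const bool ik = comp(v[i], v[k]), ki = comp(v[k], v[i]);
                if (ij && jk && !ik) return false;          // transitivity
                if (!ij && !ji && !jk && !kj && (ik || ki)) return false; // equivalence
            }
        }
    }
    return true;
}

// Array from comment #1, held as pointers as in the report.
static const int kValues[] = {1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2};

std::vector<const int*> make_pointers() {
    std::vector<const int*> p;
    for (const int& x : kValues) p.push_back(&x);
    return p;
}
bool reported_comparator_is_valid() { return is_strict_weak_ordering(make_pointers(), compare_le); }
bool strict_comparator_is_valid() { return is_strict_weak_ordering(make_pointers(), compare_lt); }

// Sorting is attempted only with the comparator that passed the check.
bool sorts_with_strict_comparator() {
    std::vector<const int*> p = make_pointers();
    std::sort(p.begin(), p.end(), compare_lt);
    return std::is_sorted(p.begin(), p.end(), compare_lt);
}
int main() {
    return (!reported_comparator_is_valid() && strict_comparator_is_valid() &&
            sorts_with_strict_comparator()) ? 0 : 1;
}
```

A check like this fits a unit test for any custom comparator handed to std::sort; libstdc++'s `-D_GLIBCXX_DEBUG` mode and AddressSanitizer catch the same class of problem at run time.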