[ https://issues.apache.org/jira/browse/STDCXX-554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farid Zaripov updated STDCXX-554:
---------------------------------
    Fix Version/s: 4.2

> [MSVC 7.1] Bad code generation of the std::moneypunct ctor (and possibly of
> the std::messages ctor)
> ---------------------------------------------------------------------------------------------------
>
>                 Key: STDCXX-554
>                 URL: https://issues.apache.org/jira/browse/STDCXX-554
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: 22. Localization
>    Affects Versions: 4.1.3, trunk
>         Environment: MSVC 7.1 with Service Pack 1
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 13.10.6030 for 80x86
> Copyright (C) Microsoft Corporation 1984-2002. All rights reserved.
>            Reporter: Farid Zaripov
>            Assignee: Farid Zaripov
>             Fix For: 4.2
>
>         Attachments: stdcxx-554.patch
>
>
> The 22.locale.money.put.cpp test fails on MSVC 7.1 (15s build type) with
> buffer overrun error due to bad code generation.
> Here the assembly code for moneypunct ctor:
> -------------
> _EXPLICIT moneypunct (_RWSTD_SIZE_T __refs = 0)
> : _RW::__rw_facet (__refs), money_base () { }
> 004018C0 push ebp
> 004018C1 mov ebp,esp
> 004018C3 push ecx
> 004018C4 mov dword ptr [ebp-4],ecx
> 004018C7 mov eax,dword ptr [__refs]
> 004018CA push eax
> 004018CB mov ecx,dword ptr [this]
> 004018CE call __rw::__rw_facet::__rw_facet (412E20h)
> 004018D3 xor ecx,ecx
> 004018D5 mov edx,dword ptr [this]
> 004018D8 add edx,38h                 // the sizeof (moneypunct) == 0x38
> 004018DB mov byte ptr [edx],cl       // here the place of the buffer overrun
> 004018DD mov eax,dword ptr [this]
> 004018E0 mov dword ptr [eax],offset std::moneypunct<char,0>::`vftable' (488838h)
> 004018E6 mov eax,dword ptr [this]
> 004018E9 mov esp,ebp
> 004018EB pop ebp
> 004018EC ret 4
> -------------
> When I commented the money_base () call the test succeeded and assembly
> code has changed to:
> -------------
> _EXPLICIT moneypunct (_RWSTD_SIZE_T __refs = 0)
> : _RW::__rw_facet (__refs)/*, money_base ()*/ { }
> 004018C0 push ebp
> 004018C1 mov ebp,esp
> 004018C3 push ecx
> 004018C4 mov dword ptr [ebp-4],ecx
> 004018C7 mov eax,dword ptr [__refs]
> 004018CA push eax
> 004018CB mov ecx,dword ptr [this]
> 004018CE call __rw::__rw_facet::__rw_facet (412E20h)
> 004018D3 mov ecx,dword ptr [this]
> 004018D6 mov dword ptr [ecx],offset std::moneypunct<char,0>::`vftable' (488838h)
> 004018DC mov eax,dword ptr [this]
> 004018DF mov esp,ebp
> 004018E1 pop ebp
> 004018E2 ret 4
> -------------
> Here the same assembly, but in 12s configuration:
> before change:
> -------------
> const PunctT pun;
> 004018B1 push 1
> 004018B3 lea ecx,[esp+0B4h]
> 004018BA call __rw::__rw_facet::__rw_facet (40A770h)
> 004018BF mov byte ptr [esp+0E8h],bl  // 0xE8 - 0xB4 == 0x34, so here not buffer overrun,
>                                     // but maybe changed last 4-byte member of the __rw_facet
>                                     // (I suppose is _C_pid)
> 004018C6 mov dword ptr [esp+0B0h],offset Punct<char,0>::`vftable' (43A258h)
> -------------
> after change:
> -------------
> const PunctT pun;
> 00401891 push 1
> 00401893 lea ecx,[esp+0B4h]
> 0040189A call __rw::__rw_facet::__rw_facet (40A720h)
> 0040189F mov dword ptr [esp+0B0h],offset Punct<char,0>::`vftable' (43A258h)
> -------------
> I have not verified, but I suppose that the same problem might be with
> messages class.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
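The stray `mov byte ptr [this+sizeof],0` above lands one byte past the object, which is exactly what a guard-byte regression check can catch. The following is an added example, not part of the issue or of the stdcxx code base; `facet_base`, `money_base_stub` and `punct` are hypothetical stand-ins for `__rw_facet`, `money_base` and `moneypunct`, reproducing the "non-empty base, then value-initialised empty base" constructor pattern the report shows.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <new>

// Hypothetical stand-in for _RW::__rw_facet: a polymorphic base holding a
// reference count and a trailing 4-byte member (the report suspects _C_pid).
struct facet_base {
    explicit facet_base(std::size_t refs) : refs_(refs), pid_(0) {}
    virtual ~facet_base() {}
    std::size_t refs_;
    int pid_;
};

// Hypothetical stand-in for std::money_base: an empty base class.
struct money_base_stub {};

// Hypothetical stand-in for std::moneypunct, using the same mem-initializer
// pattern that MSVC 7.1 miscompiled: the empty base is value-initialised.
struct punct : facet_base, money_base_stub {
    explicit punct(std::size_t refs = 0)
        : facet_base(refs), money_base_stub() {}
};

// Constructs a punct inside a buffer followed by 16 canary bytes (0xAA) and
// returns how many canary bytes the constructor altered. A correct compiler
// touches none; the codegen in the report would zero the first canary byte.
int guard_bytes_clobbered() {
    const std::size_t guard = 16;
    alignas(punct) unsigned char buf[sizeof(punct) + guard];
    std::memset(buf, 0xAA, sizeof buf);
    punct* p = new (buf) punct(1);      // placement-new: no heap, layout is ours
    int clobbered = 0;
    for (std::size_t i = sizeof(punct); i < sizeof buf; ++i)
        if (buf[i] != 0xAA) ++clobbered;
    p->~punct();
    return clobbered;
}

int main() {
    std::printf("sizeof(punct) = %zu, guard bytes clobbered = %d\n",
                sizeof(punct), guard_bytes_clobbered());
    return guard_bytes_clobbered() == 0 ? 0 : 1;
}
```

A non-zero exit status from this check flags the overrun without needing a debug-heap trap, so it can run under any build configuration, including the 12s one where the stray store only corrupts an adjacent stack slot.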