Bug#185242: libstdc++5-dev: rope segfaults under heavy load

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#185242: libstdc++5-dev: rope segfaults under heavy load
From: Ian Turner <vectro@pipeline.com>
Date: Mon, 17 Mar 2003 20:44:11 -0800
Message-id: <[🔎] E18v8xP-0001IL-00@crafter.house>
Reply-to: Ian Turner <vectro@pipeline.com>, 185242@bugs.debian.org

Package: libstdc++5-dev
Version: 1:3.2.3-0pre5
Severity: important

Consider the following program:

--- BEGIN ropetest.c ---
#include <ext/rope>

using namespace std;
using namespace __gnu_cxx;

unsigned int rand(unsigned int max) {
  unsigned int rval = (unsigned int)(((double)max)*rand()/(RAND_MAX));
  if (rval == max)
    return max-1;
}

int main() {
  crope r;
  char buf[10240];
  
  while (1) {
    if (rand(2) && r.size() < 1024*1024) {
      r.append(buf, rand(10240));
    } else if (r.size() > 10240) {
      r.erase(0, rand(10240));
    }
  }
  return 0;
}
--- END ropetest.c ---

It crashes when compiled with g++-3.0 or g++-3.2 (but not on g++ 2.95):

$ g++ ropetest.c -o ropetest-295 -Wall
$ ./ropetest-295
[ press CTRL-C ]
$ g++-3.0 ropetest.c -o ropetest-300 -Wall
$ ./ropetest-300
Segmentation fault
$ g++-3.2 ropetest.c -o ropetest-320 -Wall -g
$ ./ropetest-320
Aborted

$ gdb g++-3.2
GNU gdb 5.3-debian
[ snip ]
(gdb) run
Starting program: ropetest-320

Program received signal SIGABRT, Aborted.
0x40113a51 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x40113a51 in kill () from /lib/libc.so.6
#1  0x40113872 in raise () from /lib/libc.so.6
#2  0x40114986 in abort () from /lib/libc.so.6
#3  0x4009a9a0 in __cxa_call_unexpected () from /usr/lib/libstdc++.so.5
#4  0x4009a9e4 in std::terminate() () from /usr/lib/libstdc++.so.5
#5  0x4009ab31 in __cxa_throw () from /usr/lib/libstdc++.so.5
#6  0x4009ace1 in operator new(unsigned) () from /usr/lib/libstdc++.so.5
#7  0x4008a4c9 in std::allocator<char>::allocate(unsigned, void const*) ()
   from /usr/lib/libstdc++.so.5
#8  0x0804935f in __gnu_cxx::rope<char, std::allocator<char> >::_S_RopeLeaf_from_unowned_char_ptr(char const*, unsigned, std::allocator<char>) (
    __s=0xbfffd190 "", __size=1073779424, __a={<No data fields>})
    at /usr/include/c++/3.2/ext/stl_rope.h:1412
#9  0x08048eef in __gnu_cxx::rope<char, std::allocator<char> >::_S_destr_concat_char_iter(__gnu_cxx::_Rope_RopeRep<char, std::allocator<char> >*, char const*, unsigned) (__r=0x0, __s=0xbfffd190 "", __slen=1073779424)
    at /usr/include/c++/3.2/ext/ropeimpl.h:557
#10 0x08048e2d in __gnu_cxx::rope<char, std::allocator<char> >::append(char const*, unsigned) (this=0xbffff9a0, __iter=0xbfffd190 "", __n=1073779424)
    at /usr/include/c++/3.2/ext/stl_rope.h:1795
#11 0x08048c6b in main () at ropetest.cc:19


-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux crafter 2.4.19 #1 Fri Sep 27 18:25:53 PDT 2002 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages libstdc++5-dev depends on:
ii  g++-3.2                    1:3.2.3-0pre5 The GNU C++ compiler
ii  gcc-3.2-base               1:3.2.3-0pre5 The GNU Compiler Collection (base 
ii  libc6-dev                  2.3.1-14      GNU C Library: Development Librari
ii  libstdc++5                 1:3.2.3-0pre5 The GNU Standard C++ Library v3

Reply to:

Prev by Date: Bug#185243: libstdc++3-dev: rope segfaults under heavy load
Next by Date: Bug#185242: See also bug 185243
Previous by thread: Bug#185243: libstdc++3-dev: rope segfaults under heavy load
Next by thread: Bug#185242: See also bug 185243
Index(es):
- Date
- Thread