id summary reporter owner description type status milestone component version severity resolution keywords cc 10389 [container] Double free problem on boost::containers::vector> kbinani John Maddock "Using boost::container::vector with std::unique_ptr causes a double-free problem. === Compiler === clang++ on Mac OSX 10.9.4 {{{#!text $ clang++ --version $ Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn) $ Target: x86_64-apple-darwin13.3.0 $ Thread model: posix }}} === Boost version === 1.54, 1.55, 1.56, HEAD(d811937 on https://github.com/boostorg/boost.git) === How to reproduce === Compile the sample code below and run. {{{#!cpp //file: container_vector_double_free.cpp //clang++ container_vector_double_free.cpp -std=c++11 -I/Users/kbinani/Documents/github/boostorg/boost #include <memory> #include <boost/container/vector.hpp> int main() { typedef std::unique_ptr<int> object_ptr_t; typedef boost::container::vector<object_ptr_t> container_t; container_t c; // if the number of objects to 'push_back' is less than 3, double-free problem does not occur. int const kNum = 10; // when 'reserve' is called before 'push_back', double-free problem does not occur.
//c.reserve(kNum); for (int i = 0; i < kNum; ++i) { object_ptr_t item(new int(0)); c.push_back(boost::move(item)); } return 0; } }}} Result: {{{#!text a.out(31615,0x7fff79acb310) malloc: *** error for object 0x7ff170403980: pointer being freed was not allocated *** set a breakpoint in malloc_error_break to debug Abort trap: 6 }}} Stack trace: {{{#!text #3 0x00007fff8da6707f in free () #4 0x0000000100002560 in std::__1::default_delete::operator()(int*) const [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/c++/v1/memory:2488 #5 0x0000000100002539 in std::__1::unique_ptr >::reset(int*) [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/c++/v1/memory:2687 #6 0x00000001000024e3 in std::__1::unique_ptr >::~unique_ptr() [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/c++/v1/memory:2655 #7 0x00000001000024e3 in std::__1::unique_ptr >::~unique_ptr() [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/c++/v1/memory:2655 #8 0x00000001000024e3 in std::__1::allocator > >::destroy(std::__1::unique_ptr >*) [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/c++/v1/memory:1739 #9 0x00000001000024af in void boost::container::allocator_traits > > >::priv_destroy > >(boost::integral_constant, std::__1::allocator > >&, std::__1::unique_ptr >*) at /Users/kbinani/Documents/github/boostorg/boost/libs/container/boost_container_vector_test/../../../boost/container/allocator_traits.hpp:300 #10 0x0000000100002471 in void boost::container::allocator_traits > > >::destroy > >(std::__1::allocator > >&, std::__1::unique_ptr >*) at /Users/kbinani/Documents/github/boostorg/boost/libs/container/boost_container_vector_test/../../../boost/container/allocator_traits.hpp:242 #11 0x0000000100002259 in void 
boost::container::destroy_alloc_n > >, std::__1::unique_ptr >*>(std::__1::allocator > >&, std::__1::unique_ptr >*, std::__1::iterator_traits >*>::difference_type, boost::container::container_detail::enable_if_c >*>::value_type>::value), void>::type*) at /Users/kbinani/Documents/github/boostorg/boost/libs/container/boost_container_vector_test/../../../boost/container/detail/utilities.hpp:1073 #12 0x0000000100001f2d in void boost::container::vector >, std::__1::allocator > > >::priv_forward_range_insert_new_allocation > >, std::__1::unique_ptr >*> >(std::__1::unique_ptr >*, unsigned long, std::__1::unique_ptr >*, unsigned long, boost::container::container_detail::insert_move_proxy > >, std::__1::unique_ptr >*>) at /Users/kbinani/Documents/github/boostorg/boost/libs/container/boost_container_vector_test/../../../boost/container/vector.hpp:2417 #13 0x0000000100001aee in boost::container::container_detail::vec_iterator >*, false> boost::container::vector >, std::__1::allocator > > >::priv_forward_range_insert_no_capacity > >, std::__1::unique_ptr >*> >(std::__1::unique_ptr >* const&, unsigned long, boost::container::container_detail::insert_move_proxy > >, std::__1::unique_ptr >*>, boost::container::container_detail::integral_constant) at /Users/kbinani/Documents/github/boostorg/boost/libs/container/boost_container_vector_test/../../../boost/container/vector.hpp:2045 #14 0x000000010000193c in void boost::container::vector >, std::__1::allocator > > >::priv_push_back > >(std::__1::unique_ptr >&&) at /Users/kbinani/Documents/github/boostorg/boost/libs/container/boost_container_vector_test/../../../boost/container/vector.hpp:1944 #15 0x0000000100001810 in boost::container::vector >, std::__1::allocator > > >::push_back(std::__1::unique_ptr >&&) at /Users/kbinani/Documents/github/boostorg/boost/libs/container/boost_container_vector_test/../../../boost/container/vector.hpp:1467 #16 0x0000000100001581 in main at 
/Users/kbinani/Documents/github/boostorg/boost/libs/container/boost_container_vector_test/boost_container_vector_test/main.cpp:14 }}}" Bugs closed To Be Determined type_traits Boost 1.56.0 Problem fixed