Context Navigation

#11912 closed Bugs (fixed)

boost::interprocess::flat_map use of vector::priv_forward_range_insert_expand_backwards may cause boost::container::move with same source and destination

Reported by:	zeeshan.qazi@…	Owned by:	Ion Gaztañaga
Milestone:	To Be Determined	Component:	interprocess
Version:	Boost 1.61.0	Severity:	Problem
Keywords:		Cc:

Description

boost::interprocess::flat_map use of vector::priv_forward_range_insert_expand_backwards may cause boost::container::move with same source and destination.

If an allocator that supports expand_backwards or expand_forwards is used and either of the operation succeeds with the capacity of increasing by the count of elements being inserted, and the elements being inserted happen to be placed in the direction of the expansion, then the following line (marked:>>>>) in vector.hpp computes the raw_gap as zero:

Old situation: | raw_mem | old_begin | old_end | | _|_|_| New situation: | old_begin | new | old_end | raw_mem | |_||_|_| Now initialize the rest of memory with the last old values All new elements correctly constructed, avoid new element destruction

const size_type raw_gap = s_before - before_plus_new;

if(!value_traits::trivial_dctr){

This results in boost::container::move being called with the same source and destination.

Change History (3)

comment:1 by zeeshan.qazi@…, 7 years ago

Sorry: the code block should appear as below:

            //Old situation:
            // __________________________________________________
            //|            raw_mem         | old_begin | old_end |
            //| ___________________________|___________|_________|
            //
            //New situation:
            // __________________________________________________
            //| old_begin |   new    | old_end |  raw_mem        |
            //|___________|__________|_________|_________________|
            //
            //Now initialize the rest of memory with the last old values
            //All new elements correctly constructed, avoid new element destruction
            const size_type raw_gap = s_before - before_plus_new;
            if(!value_traits::trivial_dctr){

comment:2 by viboes, 7 years ago

Component:	None → interprocess
Owner:	set to Ion Gaztañaga

comment:3 by Ion Gaztañaga, 7 years ago

Resolution:	→ fixed
Status:	new → closed

Many thanks for the report. Fixed in commit:

https://github.com/boostorg/container/commit/3e82a27917976e4941b8cde484a14a345ac22d58

Note: See TracTickets for help on using tickets.

Download in other formats: