Opened 6 years ago

Last modified 6 years ago

#12604 new Bugs

neither scoped_array nor checked_delete do check for nullptr

Reported by: steinbac@… Owned by: Peter Dimov
Milestone: To Be Determined Component: smart_ptr
Version: Boost 1.62.0 Severity: Problem
Keywords: Cc: Matthias.Werner1@…

Description

Hi, I recently ran across a problem where a scoped_array::reset was called with a nullptr argument. As this is not checked within scoped_array::reset or further down the call stack in scoped_array::swap, a checked_delete was called on a nullptr and threw a segfault. For me, I'd consider this a bug, as scoped_array assumes ownership and hence is responsible for deleting its allocated memory. The problem occurred during an ill-posed usage of the Boost UTF as documented in the file attached.

Attachments (1)

test.cpp (1.4 KB) - added by anonymous 6 years ago.


Change History (5)

by anonymous, 6 years ago

Attachment: test.cpp added

comment:1 by Peter Dimov, 6 years ago

nullptr is a valid argument for checked_delete, which basically calls delete. Your test case works for me.

comment:2 by anonymous, 6 years ago

I am lost ... on every machine I tried, the attached code throws a segfault.

$ ./test 
Running 1 test case...

*** No errors detected
Segmentation fault (core dumped)

Can you elaborate on what you mean by nullptr being a valid argument to checked_delete? Looking at the code, I see

template<class T> inline void checked_delete(T * x)
{
    // intentionally complex - simplification causes regressions
    typedef char type_must_be_complete[ sizeof(T)? 1: -1 ];
    (void) sizeof(type_must_be_complete);
    delete x;
}

template<class T> inline void checked_array_delete(T * x)
{
    typedef char type_must_be_complete[ sizeof(T)? 1: -1 ];
    (void) sizeof(type_must_be_complete);
    delete [] x;
}

At no point does either checked_delete or checked_array_delete actually check if (x != 0x0). Just wondering if this is expected from the client of checked_delete? If yes, then scoped_array should check that the arguments to scoped_array::reset or scoped_array::swap are not 0x0.

comment:3 by Peter Dimov, 6 years ago

nullptr is a valid argument for delete. There's no need to check.

I tried your example with the current develop branch of Boost, it may be fixed. I'll try with 1.62.0.

comment:4 by anonymous, 6 years ago

My mistake, I shouldn't submit bug reports on a Friday ... I mixed up code versions and thought that Boost had a problem. Sorry for the noise and thank you for your patience.
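
The behaviour stated in comment:1 and comment:3, as an added example that is not part of the ticket and not Boost's source: `mini_scoped_array` and `Tracked` are hypothetical stand-ins, and `checked_array_delete` is re-declared from the code quoted in comment:2. It sends null pointers through the reset-via-swap path and directly into `checked_array_delete`, and counts destructor runs to show that only the one real allocation is destroyed (assumes C++11 or later).

```cpp
#include <utility>

// Same compile-time completeness check as the code quoted in comment:2.
template<class T> inline void checked_array_delete(T* x)
{
    typedef char type_must_be_complete[sizeof(T) ? 1 : -1];
    (void) sizeof(type_must_be_complete);
    delete [] x;   // delete[] applied to a null pointer does nothing
}

// Constructed element type that counts how many destructors have run.
struct Tracked {
    static int destroyed;
    ~Tracked() { ++destroyed; }
};
int Tracked::destroyed = 0;

// Hypothetical stand-in for scoped_array (not Boost's implementation):
// reset() hands the old pointer to a temporary through swap(), and the
// temporary's destructor calls checked_array_delete on it.
template<class T> class mini_scoped_array {
    T* px_;
public:
    explicit mini_scoped_array(T* p = nullptr) : px_(p) {}
    mini_scoped_array(const mini_scoped_array&) = delete;
    mini_scoped_array& operator=(const mini_scoped_array&) = delete;
    ~mini_scoped_array() { checked_array_delete(px_); }
    void reset(T* p = nullptr) { mini_scoped_array(p).swap(*this); }
    void swap(mini_scoped_array& other) { std::swap(px_, other.px_); }
};

// Returns the number of Tracked destructors run by the whole sequence.
int run_null_reset_sequence()
{
    Tracked::destroyed = 0;
    {
        mini_scoped_array<Tracked> a;        // owns nothing
        a.reset(nullptr);                    // null replaced by null: null is deleted
        a.reset(new Tracked[3]);             // old null pointer is deleted
        a.reset(nullptr);                    // the 3 elements are destroyed here
        checked_array_delete(static_cast<Tracked*>(nullptr));  // direct null call
    }                                        // destructor deletes null once more
    return Tracked::destroyed;
}

int main() { return run_null_reset_sequence() == 3 ? 0 : 1; }
```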
