Opened 5 years ago

#13119 new Bugs

Boost::binomial_heap Merge memcheck error - Merging 9 into 5

Reported by: jun.kudo@…
Owned by: timblechmann
Milestone: To Be Determined
Component: heap
Version: Boost 1.64.0
Severity: Problem
Keywords:
Cc:

Description

Binomial heap merge routine reads from uninitialized memory in the attached example.

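#include <cstddef>  // std::size_t
#include <cstdlib>  // std::rand
#include "boost/heap/binomial_heap.hpp"
typedef boost::heap::binomial_heap<int> Heap;

int main(int /*argc*/, char* /*argv*/[]) {
  // First heap: 5 elements.
  Heap heap0;
  std::size_t heap0_size = 5;
  std::size_t max_range = 100;
  for (std::size_t ix = 0; ix < heap0_size; ++ix) {
    heap0.push(std::rand() % max_range);
  }

  // Second heap: 9 elements.
  Heap heap1;
  std::size_t heap1_size = 9;
  for (std::size_t ix = 0; ix < heap1_size; ++ix) {
    heap1.push(std::rand() % max_range);
  }
  // Merging 9 into 5 triggers the memcheck error.
  heap0.merge(heap1);

}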

I believe line 693 is incorrectly moving the iterator forwards. If the carry node is inserted before the last node of trees, this line will cause this_iterator to point to trees.end(). However, for this case, it will follow the goto statement and start another iteration which will cause the function to read from out of bounds.

Attachments (1)

main.cpp (453 bytes) - added by jun.kudo@… 5 years ago.

Change History (1)

by jun.kudo@…, 5 years ago

Attachment: main.cpp added
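
The pattern the ticket describes (a list iterator advanced past an inserted carry node so that it equals end(), then used on the next pass) can be modelled without Boost. The following is an added example, not code from the ticket or from Boost: it tracks only tree orders in a std::list, and `Roots`, `roots_for`, `merge_roots` and `check_all_sizes` are hypothetical names. It checks every size pair up to a limit, which generalizes the single 9-into-5 case.

```cpp
#include <cstddef>
#include <iterator>
#include <list>

// Simplified model (assumption, not Boost's code): a root list holds one tree
// of order k for every set bit k of the element count, in ascending order.
using Roots = std::list<unsigned>;

Roots roots_for(std::size_t n) {
    Roots r;
    for (unsigned k = 0; n != 0; ++k, n >>= 1)
        if (n & 1) r.push_back(k);
    return r;
}

// Merge rhs into lhs like binary addition with a carry tree.
// Every dereference of `it` is preceded by an end() check.
void merge_roots(Roots& lhs, Roots rhs) {
    auto it = lhs.begin();
    bool carry = false;
    for (unsigned k = 0; !rhs.empty() || carry; ++k) {
        while (it != lhs.end() && *it < k) ++it;  // stop at end(), never read it
        bool in_lhs = (it != lhs.end() && *it == k);
        bool in_rhs = (!rhs.empty() && rhs.front() == k);
        if (in_rhs) rhs.pop_front();
        int count = in_lhs + in_rhs + carry;
        bool keep = (count & 1) != 0;  // one tree of order k remains
        carry = count >= 2;            // two trees link into order k+1
        if (in_lhs && !keep)
            it = lhs.erase(it);        // erase returns the next valid iterator
        else if (!in_lhs && keep)
            it = std::next(lhs.insert(it, k));  // may now equal end()
    }
}

// Constructed check: merging sizes a and b must give the roots of a + b.
bool check_all_sizes(std::size_t limit) {
    for (std::size_t a = 0; a <= limit; ++a)
        for (std::size_t b = 0; b <= limit; ++b) {
            Roots r = roots_for(a);
            merge_roots(r, roots_for(b));
            if (r != roots_for(a + b)) return false;
        }
    return true;
}

int main() { return check_all_sizes(64) ? 0 : 1; }
```

Running the same exhaustive size-pair loop against a real heap implementation under a memory checker covers the carry-at-the-tail cases that a single pair of sizes may miss.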