Opened 5 years ago
#13119 new Bugs
Boost::binomial_heap Merge memcheck error - Merging 9 into 5
| Reported by: | Owned by: | timblechmann | |
|---|---|---|---|
| Milestone: | To Be Determined | Component: | heap |
| Version: | Boost 1.64.0 | Severity: | Problem |
| Keywords: | Cc: |
Description
Binomial heap merge routine reads from uninitialized memory in the attached example.
#include "boost/heap/binomial_heap.hpp"
typedef boost::heap::binomial_heap<int> Heap;
int main(int /*argc*/, char* /*argv*/[]) {
Heap heap0;
size_t heap0_size = 5;
size_t max_range = 100;
for (size_t ix = 0; ix < heap0_size; ++ix) {
heap0.push(rand() % max_range);
}
Heap heap1;
size_t heap1_size = 9;
for (size_t ix = 0; ix < heap1_size; ++ix) {
heap1.push(rand() % max_range);
}
heap0.merge(heap1);
}
I believe line 693 is incorrectly moving the iterator forwards. If the carry node is inserted before the last node of trees, this line will cause this_iterator to point to trees.end(). However, for this case, it will follow the goto statement and start another iteration which will cause the function to read from out of bounds.
Attachments (1)
Note:
See TracTickets
for help on using tickets.
