Opened 4 years ago
#13585 new Bugs
Undefined Behavior results in optimizer removing critical check
| Reported by: | | Owned by: | Beman Dawes |
|---|---|---|---|
| Milestone: | To Be Determined | Component: | filesystem |
| Version: | Boost 1.67.0 | Severity: | Problem |
| Keywords: | | Cc: | |
Description
We have been experiencing an odd BAD_ACCESS when calling boost::filesystem::copy(const path& from, const path& to).
The symptom is a null pointer dereference when converting *ec to a bool at operations.cpp:894. However, this is preceded by a check to ensure that ec != 0, which is being subverted.
The working theory is that on operations.cpp:893 a potentially null pointer to a boost::system::error_code is dereferenced and assigned to a reference as part of symlink_status(from, *ec) which is *undefined behavior*.
As a result, the optimizer seems to be removing the "ec != 0" check from the next line based on the knowledge that if ec had been null it would have resulted in undefined behavior already. This of course leads to the null ec being dereferenced and having its bool conversion called. In turn, this creates a bad access and abort.
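The pattern the report describes, reduced to a self-contained example. This is added illustration, not Boost's code: error_code and symlink_status are constructed stand-ins with the same shape as the real calls (a reference parameter that invites writing `*ec`), and the "hardened" variant is one way to keep the reference bound to a real object without relying on the null check surviving optimization.

```cpp
#include <cstddef>

// Constructed stand-in for boost::system::error_code (not the real type).
struct error_code {
    int value = 0;
    explicit operator bool() const { return value != 0; }
};

// Constructed stand-in for the status query: reports an error (value 2,
// chosen arbitrarily for this example) when the path is empty.
// The reference parameter is what makes `*ec` tempting at the call site.
void symlink_status(const char* from, error_code& ec) {
    ec.value = (from[0] == '\0') ? 2 : 0;
}

// The reported pattern: `*ec` forms a reference BEFORE the null check.
// If ec == nullptr that dereference is undefined behaviour, so a conforming
// optimizer may treat the later `ec != nullptr` test as always true and
// delete it; the `*ec` bool conversion then runs on a null object.
// Shown only to illustrate the defect: never call it with ec == nullptr.
bool copy_unsafe(const char* from, error_code* ec) {
    symlink_status(from, *ec);      // UB when ec is null
    if (ec != nullptr && *ec)       // check the optimizer is entitled to remove
        return false;
    return true;
}

// Hardened form: bind the reference to a local object when the caller passed
// no error_code, so no null pointer is ever dereferenced and the null test
// happens before any use, where the optimizer cannot reason it away.
bool copy_safe(const char* from, error_code* ec) {
    error_code local;
    error_code& slot = (ec != nullptr) ? *ec : local;  // always a real object
    symlink_status(from, slot);
    if (slot)                       // no pointer dereference needed here
        return false;
    return true;
}

// Helper for checking: runs copy_safe with a caller-supplied error_code and
// returns the error value it left behind.
int safe_error_value(const char* from) {
    error_code ec;
    copy_safe(from, &ec);
    return ec.value;
}
```

Two practical checks for this class of defect: building with `-fsanitize=undefined` reports the null reference binding at runtime on the first call that passes a null pointer, and GCC's `-Wnull-dereference` (with optimization enabled) can flag the dereference statically. `-fno-delete-null-pointer-checks` keeps the check in the binary but only masks the bug; the fix is to not dereference before the test.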