Opened 11 years ago

Last modified 4 years ago

#6561 new Bugs

pool.free() crashes if given a null pointer

Reported by: Étienne Dupuis <e.dupuis@…> Owned by: John Maddock
Milestone: To Be Determined Component: pool
Version: Boost 1.47.0 Severity: Problem
Keywords: Cc:

Description

The documentation states that the pointer given to pool.free() should be a pointer returned by pool.malloc().

However, if pool.malloc() fails and returns a null value, calling pool.free() with the returned value does crash...

It would be nice if pool.free() did not crash given a null pointer.

Example crash:

pool.free(pool.malloc());

Regards

Change History (6)

comment:1 by anonymous, 11 years ago

Component: None → pool
Owner: set to Chris Newbold

comment:2 by edupuis, 10 years ago

Owner: changed from Chris Newbold to edupuis
Status: new → assigned

comment:3 by edupuis, 10 years ago

Resolution: fixed
Status: assigned → closed

(In [78317]) Pool no longer crashes when freeing a null pointer. This is somewhat like the free() function and the delete operator and fixes #6561.

comment:4 by edupuis, 10 years ago

Resolution: fixed
Status: closed → reopened

comment:5 by edupuis, 10 years ago

Owner: changed from edupuis to John Maddock
Status: reopened → new
Type: Feature Requests → Bugs

https://svn.boost.org/svn/boost/sandbox/pool at revision 79460 contains a solution for tickets #3789, #5902, #6561, #6610, #6701, #6718, #6865 and #6867. Related test cases are also present.

https://svn.boost.org/svn/boost/sandbox/pool at revision 79460 does not contain any other new features or modifications other than those related to the above tickets.

Boost.Pool currently has no maintainer and is thus orphaned.

comment:6 by James E. King, III, 4 years ago

I can confirm this is still an issue in 1.67.0:

boost@ee79ac718c30:/boost/libs/pool/test$ cat test_bug_6561.cpp
/* Copyright (C) 2018 James E. King III
*
* Use, modification and distribution is subject to the
* Boost Software License, Version 1.0. (See accompanying
* file LICENSE_1_0.txt or http://www.boost.org/LICENSE_1_0.txt)
*/

// Test of bug #6561 (https://svn.boost.org/trac/boost/ticket/6561)

#include <boost/assert.hpp>
#include <boost/pool/simple_segregated_storage.hpp>
#include <boost/smart_ptr/scoped_ptr.hpp>

int main()
{
    boost::simple_segregated_storage<std::size_t> storage;
    storage.free(0);
    return 0;
}

That will produce a segfault.

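The null-pointer guard this ticket asks for, as an added example that is not part of the ticket and not Boost.Pool code. It assumes an intrusive free list in which each free chunk holds the link to the next one; `ChunkPool`, `allocate`, `release` and the sizes are hypothetical names and constructed values.

```cpp
#include <cstddef>
#include <cstdio>
// Hypothetical model of an intrusive free list; not Boost.Pool code.
class ChunkPool {
    enum { kChunks = 4, kWords = 2 };   // constructed sizes for the demo
    void* buffer_[kChunks * kWords];    // backing storage, kWords pointers per chunk
    void* first_;                       // head of the free list, null when exhausted
    // A free chunk stores the address of the next free chunk in its first word.
    static void*& nextof(void* p) { return *static_cast<void**>(p); }

public:
    ChunkPool() : first_(nullptr) {
        for (std::size_t i = kChunks; i-- > 0;) {
            void* chunk = &buffer_[i * kWords];
            nextof(chunk) = first_;
            first_ = chunk;
        }
    }

    // Returns null when no chunk is left, like a failed pool.malloc().
    void* allocate() {
        void* chunk = first_;
        if (chunk) first_ = nextof(chunk);
        return chunk;
    }

    // Without the null check, nextof(chunk) would write through a null pointer.
    bool release(void* chunk) {
        if (!chunk) return false;       // no-op, like free() and delete
        nextof(chunk) = first_;
        first_ = chunk;
        return true;
    }
    std::size_t free_chunks() const {
        std::size_t n = 0;
        for (void* p = first_; p; p = nextof(p)) ++n;
        return n;
    }
};

// Drains the pool, then runs the ticket's pool.free(pool.malloc()) pattern.
std::size_t exhausted_free_roundtrip() {
    ChunkPool pool;
    while (pool.allocate()) {}
    pool.release(pool.allocate());      // allocate() returns null here
    return pool.free_chunks();          // free list is still empty and intact
}

int main() { std::printf("free chunks: %zu\n", exhausted_free_roundtrip()); return 0; }
```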