Boost C++ Libraries: Ticket #6561: pool.free() crashes if given a null pointer https://svn.boost.org/trac10/ticket/6561 <p> The documentation states that the pointer given to pool.free() should be a pointer returned by pool.malloc(). </p> <p> However, if pool.malloc() fails and return a null value, calling pool.free() with the returned value does crash... </p> <p> It would be nice if pool.free() did not crash given a null pointer. </p> <p> Example crash : </p> <pre class="wiki">pool.free(pool.malloc()); </pre><p> Regards </p> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/6561 Trac 1.4.3 anonymous Fri, 24 Feb 2012 17:51:54 GMT component changed; owner set https://svn.boost.org/trac10/ticket/6561#comment:1 https://svn.boost.org/trac10/ticket/6561#comment:1 <ul> <li><strong>owner</strong> set to <span class="trac-author">Chris Newbold</span> </li> <li><strong>component</strong> <span class="trac-field-old">None</span> → <span class="trac-field-new">pool</span> </li> </ul> Ticket edupuis Thu, 03 May 2012 16:48:15 GMT owner, status changed https://svn.boost.org/trac10/ticket/6561#comment:2 https://svn.boost.org/trac10/ticket/6561#comment:2 <ul> <li><strong>owner</strong> changed from <span class="trac-author">Chris Newbold</span> to <span class="trac-author">edupuis</span> </li> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">assigned</span> </li> </ul> Ticket edupuis Thu, 03 May 2012 18:53:13 GMT status changed; resolution set https://svn.boost.org/trac10/ticket/6561#comment:3 https://svn.boost.org/trac10/ticket/6561#comment:3 <ul> <li><strong>status</strong> <span class="trac-field-old">assigned</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">fixed</span> </li> </ul> <p> (In <a class="changeset" href="https://svn.boost.org/trac10/changeset/78317" title="Pool no longer crashes when freeing a null pointer. This is somewhat ...">[78317]</a>) Pool no longer crashes when freeing a null pointer. This is somewhat like the free() function and the delete operator and fixes <a class="new ticket" href="https://svn.boost.org/trac10/ticket/6561" title="#6561: Bugs: pool.free() crashes if given a null pointer (new)">#6561</a>. </p> Ticket edupuis Mon, 21 May 2012 05:59:51 GMT status changed; resolution deleted https://svn.boost.org/trac10/ticket/6561#comment:4 https://svn.boost.org/trac10/ticket/6561#comment:4 <ul> <li><strong>status</strong> <span class="trac-field-old">closed</span> → <span class="trac-field-new">reopened</span> </li> <li><strong>resolution</strong> <span class="trac-field-deleted">fixed</span> </li> </ul> Ticket edupuis Mon, 16 Jul 2012 20:01:25 GMT owner, status, type changed https://svn.boost.org/trac10/ticket/6561#comment:5 https://svn.boost.org/trac10/ticket/6561#comment:5 <ul> <li><strong>owner</strong> changed from <span class="trac-author">edupuis</span> to <span class="trac-author">John Maddock</span> </li> <li><strong>status</strong> <span class="trac-field-old">reopened</span> → <span class="trac-field-new">new</span> </li> <li><strong>type</strong> <span class="trac-field-old">Feature Requests</span> → <span class="trac-field-new">Bugs</span> </li> </ul> <p> <a class="ext-link" href="https://svn.boost.org/svn/boost/sandbox/pool"><span class="icon">​</span>https://svn.boost.org/svn/boost/sandbox/pool</a> at revision 79460 contains a solution for tickets <a class="new ticket" href="https://svn.boost.org/trac10/ticket/3789" title="#3789: Bugs: boost::object_pool::free() is very slow. (new)">#3789</a>, <a class="new ticket" href="https://svn.boost.org/trac10/ticket/5902" title="#5902: Bugs: Division by zero when requesting null sized buffers (new)">#5902</a>, <a class="new ticket" href="https://svn.boost.org/trac10/ticket/6561" title="#6561: Bugs: pool.free() crashes if given a null pointer (new)">#6561</a>, <a class="new ticket" href="https://svn.boost.org/trac10/ticket/6610" title="#6610: Feature Requests: customizing boost::pool/boost::object_pool via template parameter for ... (new)">#6610</a>, <a class="new ticket" href="https://svn.boost.org/trac10/ticket/6701" title="#6701: Bugs: integer overflows in ordered_malloc() (new)">#6701</a>, <a class="closed ticket" href="https://svn.boost.org/trac10/ticket/6718" title="#6718: Bugs: Missing images (closed: fixed)">#6718</a>, <a class="new ticket" href="https://svn.boost.org/trac10/ticket/6865" title="#6865: Feature Requests: pool.get_size() (new)">#6865</a> and <a class="new ticket" href="https://svn.boost.org/trac10/ticket/6867" title="#6867: Bugs: Unclear behavior of parameter 'max_size' (new)">#6867</a>. Related test cases are also present. </p> <p> <a class="ext-link" href="https://svn.boost.org/svn/boost/sandbox/pool"><span class="icon">​</span>https://svn.boost.org/svn/boost/sandbox/pool</a> at revision 79460 does <strong>not</strong> contain any other new features or modifications other than those related to the above tickets. </p> <p> Boost.Pool currently has no maintainer and is thus orphaned. </p> Ticket James E. King, III Sat, 12 May 2018 21:30:05 GMT <link>https://svn.boost.org/trac10/ticket/6561#comment:6 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/6561#comment:6</guid> <description> <p> I can confirm this is still an issue in 1.67.0: </p> <pre class="wiki">boost@ee79ac718c30:/boost/libs/pool/test$ cat test_bug_6561.cpp /* Copyright (C) 2018 James E. King III * * Use, modification and distribution is subject to the * Boost Software License, Version 1.0. (See accompanying * file LICENSE_1_0.txt or http://www.boost.org/LICENSE_1_0.txt) */ // Test of bug #6561 (https://svn.boost.org/trac/boost/ticket/6561) #include &lt;boost/assert.hpp&gt; #include &lt;boost/pool/simple_segregated_storage.hpp&gt; #include &lt;boost/smart_ptr/scoped_ptr.hpp&gt; int main() { boost::simple_segregated_storage&lt;std::size_t&gt; storage; storage.free(0); return 0; } </pre><p> That will produce a segfault. </p> </description> <category>Ticket</category> </item> </channel> </rss>