<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Format Variadic: formatv_object_base : buggy move & copy constructors"
   href="https://bugs.llvm.org/show_bug.cgi?id=33388">33388</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Format Variadic: formatv_object_base : buggy move & copy constructors
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Support Libraries
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>benoit.belley@autodesk.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>formatv_object_base currently uses the implicitly defined move and copy
constructors. It turns out these are buggy. In typical use-cases, the problem
doesn't show up because every single call to the move and copy constructors is
elided. Thus, the buggy constructors are never invoked.

The issue especially shows up when code is compiled using the
-fno-elide-constructors compiler flag. For instance, this is useful when
attempting to collect accurate code coverage statistics.

The exact issue is the following:

The Parameters data member is correctly moved or copied, thus making the
parameters occupy new memory locations in the target object. Unfortunately, the
default copying of the Adapters blindly copies the vector of pointers, leaving
each of these pointers referencing the parameters in the original object
instead of the copied one. These pointers quickly become dangling when the
original object is deleted. This quickly leads to crashes.

The solution is to update the Adapters pointers when performing a copy or move.
For example, as in:

  formatv_object_base(formatv_object_base const &rhs)
      : Fmt(rhs.Fmt), Adapters(), // Adapters are initialized by formatv_object
        Replacements(rhs.Replacements) {
    Adapters.reserve(rhs.Adapters.size());
  };

  formatv_object_base(formatv_object_base &&rhs)
      : Fmt(std::move(rhs.Fmt)),
        Adapters(), // Adapters are initialized by formatv_object
        Replacements(std::move(rhs.Replacements)) {
    Adapters.reserve(rhs.Adapters.size());
  };

I am currently working on a patch for this.</pre>
        </div>
      </p>
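      <p>The aliasing described in the report, reduced to a stand-alone model. This is an added example, not LLVM code or the reporter's patch: NaiveFormat, FixedFormat, rebind and the helper functions are hypothetical names, and the fix rebuilds the pointers inside the same class instead of leaving that to a derived class. The copy is taken from a named object, so it cannot be elided and the problem shows without -fno-elide-constructors.</p>

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <utility>
#include <vector>

// Simplified model with hypothetical names: Params is stored inside the
// object and Adapters holds pointers to those in-object elements.
struct NaiveFormat {
  std::array<int, 3> Params;
  std::vector<const int *> Adapters;
  explicit NaiveFormat(std::array<int, 3> P) : Params(P) {
    for (const int &X : Params) Adapters.push_back(&X);
  }
  // Implicit copy/move: Adapters is duplicated pointer for pointer.
};

struct FixedFormat {
  std::array<int, 3> Params;
  std::vector<const int *> Adapters;
  explicit FixedFormat(std::array<int, 3> P) : Params(P) { rebind(); }
  FixedFormat(const FixedFormat &RHS) : Params(RHS.Params) { rebind(); }
  FixedFormat(FixedFormat &&RHS) : Params(std::move(RHS.Params)) { rebind(); }
  void rebind() { // point every adapter at this object's own Params
    Adapters.clear();
    for (const int &X : Params) Adapters.push_back(&X);
  }
};

// True when every adapter refers to F's own storage. Only addresses are
// compared, so a stale pointer is never dereferenced.
template <class T> bool pointsIntoSelf(const T &F) {
  if (F.Adapters.size() != F.Params.size()) return false;
  for (std::size_t I = 0; I < F.Params.size(); ++I)
    if (F.Adapters[I] != &F.Params[I]) return false;
  return true;
}
template <class T> bool copyIsSelfContained() {
  T A(std::array<int, 3>{1, 2, 3}); // constructed sample parameters
  T B(A);                           // lvalue source: a real copy
  return pointsIntoSelf(A) && pointsIntoSelf(B);
}
template <class T> bool moveIsSelfContained() {
  T A(std::array<int, 3>{1, 2, 3});
  T B(std::move(A));
  return pointsIntoSelf(B);
}
int main() {
  std::printf("naive copy ok: %d\n", copyIsSelfContained<NaiveFormat>());
  std::printf("fixed copy ok: %d\n", copyIsSelfContained<FixedFormat>());
}
```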


    </body>
</html>