<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - strstreambuf::sgetn reads wrong bytes"

   href="https://bugs.llvm.org/show_bug.cgi?id=35335">35335</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>strstreambuf::sgetn reads wrong bytes

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libc++

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>4.0

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>Macintosh

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>MacOS X

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>All Bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedclangbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>jens@mooseyard.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org, mclow.lists@gmail.com

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=19433" name="attach_19433" title="Test case demonstrating the bug.">attachment 19433</a> <a href="attachment.cgi?id=19433&action=edit" title="Test case demonstrating the bug.">[details]</a></span>

Test case demonstrating the bug.

I've found a bug where a sequence of sputn and sgetn calls on a strstreambuf

ends in an incorrect read. The overview is:

1. Construct strstreambuf with default constructor

2. Call sputn with 1500 bytes

3. Call sgetn (into a large enough buffer to read all the bytes)

4. Call sputn with at least 2597 bytes

5. Call sgetn again (same buffer)

The final sgetn call reads 4097 bytes, not 2597 as expected. (4097 == 1500 +

2597)

This bug seems to occur whenever the total number of bytes written is > 4096.

Apparently the strstreambuf reallocates its internal buffer, and some of its

pointers end up in the wrong place.

Attached is a short test case that demonstrates the bug. It will trigger an

assertion failure when run. The constants kLen1 and kLen2 correspond to the

sizes of the two writes; if these are modified so their total is <= 4096, the

program exits successfully.

ENVIRONMENT:

Mac OS X 10.13.2 beta

Xcode 9.2 beta (9C34b)

MacBook Pro (Retina, 15-inch, Late 2013)

I'm unsure exactly what version of libc++ I have; I'm assuming 4.0 since the

header <__config> contains:

    #define _LIBCPP_VERSION 4000</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>