<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - segv in string move-constructor with _LIBCPP_DEBUG=1"
href="https://bugs.llvm.org/show_bug.cgi?id=46625">46625</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>segv in string move-constructor with _LIBCPP_DEBUG=1
</td>
</tr>
<tr>
<th>Product</th>
<td>libc++
</td>
</tr>
<tr>
<th>Version</th>
<td>9.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>All Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>graydon@pobox.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org, mclow.lists@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>I believe this program winds up move-constructing over a non-small string in
LHS
of the + operator and something about this disagrees with the strings (or more
specifically the iterator-debugging machinery within the strings) produced by
std::to_string. I haven't been able to narrow it down further or determine
cause:
Example program:
#include <string>
void use(std::string const& out) {}
int main() {
use("0123456789012345678901" + std::to_string(1));
}
Example compile command:
$ clang++-9 -stdlib=libc++ -D_LIBCPP_DEBUG=1 t.cpp
Example run:
$ ./a.out
Segmentation fault (core dumped)
With sanitizer:
$ clang++-9 -stdlib=libc++ -D_LIBCPP_DEBUG=1 -fsanitize=address t.cpp
$ ./a.out
AddressSanitizer:DEADLYSIGNAL
=================================================================
==42275==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc
0x7f2c525e7647 bp 0x7fff815df6f0 sp 0x7fff815df680 T0)
==42275==The signal is caused by a READ memory access.
==42275==Hint: address points to the zero page.
#0 0x7f2c525e7646 in std::__1::__libcpp_db::swap(void*, void*)
libcxx/build/src/./libcxx/src/debug.cpp:463:18
#1 0x4c6603 in std::__1::basic_string<char, std::__1::char_traits<char>,
std::__1::allocator<char> >::basic_string(std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char> >&&)
(/home/src/stellar-core/a.out+0x4c6603)
#2 0x4c5f55 in std::__1::basic_string<char, std::__1::char_traits<char>,
std::__1::allocator<char> > std::__1::operator+<char,
std::__1::char_traits<char>, std::__1::allocator<char> >(char const*,
std::__1::basic_string<char, std::__1::char_traits<char>,
std::__1::allocator<char> >&&) (/home/src/stellar-core/a.out+0x4c5f55)
#3 0x4c5d50 in main (/home/src/stellar-core/a.out+0x4c5d50)
#4 0x7f2c513c0b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#5 0x41bcf9 in _start (/home/src/stellar-core/a.out+0x41bcf9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libcxx/build/src/./libcxx/src/debug.cpp:463:18
in std::__1::__libcpp_db::swap(void*, void*)
==42275==ABORTING</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>