[LLVMbugs] [Bug 16819] New: compare function with equal semantics cause std::sort function core dump

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Aug 7 04:43:28 PDT 2013


http://llvm.org/bugs/show_bug.cgi?id=16819

            Bug ID: 16819
           Summary: compare function with equal semantics cause std::sort
                    function core dump
           Product: libc++
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: hhinnant at apple.com
          Reporter: xtaotao at qq.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

If a compare function is implemented with “>=”, it will cause std::sort to
core dump, and the sort range [begin, end) will be overflowed: the end
element will be compared.

// libc++ version 3.3
// clang version 3.3
// $ clang++ a.cpp -std=c++11
// $ ./a.out 
// 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6,
// 5, 4, 3, 2, 1, 0, 
// $ clang++ a.cpp -std=c++11 -stdlib=libc++
// $ ./a.out 
// why x == y?
// why x == y?
// why x == y?
// why x == y?
// why x == y?
// why vector::cend() is here? ? ? ?
// segment fault(core dump)

#include <algorithm>
#include <cstdlib>   // std::srand
#include <ctime>     // time
#include <vector>
#include <iostream>

// a struct with constructor and assignment operator.
struct SomeData
{
    SomeData(int value) : data(value) {}

    SomeData& operator = (const SomeData& rhs)
    {
        data = rhs.data;
        return *this;
    }

    int data;
};

struct CompareFunction
{
    CompareFunction(const SomeData* begin, const SomeData* end) : _begin(begin), _end(end)
    {
    }

    bool operator()(const SomeData& x, const SomeData& y) const
    {
        if (&x == &y)
            std::cout << "why x == y?" << std::endl;
        else if (&x == _end)
            std::cout << "why vector::cend() is here? ? ? ?" << std::endl;

        return x.data >= y.data;
    }

    const SomeData* _begin;
    const SomeData* _end;
};

int main(int argc, char* argv[])
{
    std::srand(time(0));
    const int array[] =
    {
         0,  3,  6,  8,  7,  9,  4, 14, 13, 12,
        11, 10,  2, 23, 22, 21, 20, 19, 18, 17,
        16, 15,  1, 25, 24,  5
    };

    const int count = sizeof(array) / sizeof(array[0]);

    std::vector<SomeData> vec;
    for (int i = 0; i < count; ++ i)
        vec.push_back(SomeData(array[i]));

    // One-past-the-end address, taken without dereferencing vec.end().
    CompareFunction compare(vec.data(), vec.data() + vec.size());
    std::sort(vec.begin(), vec.end(), compare);
    for (auto it = vec.cbegin(); it != vec.cend(); ++ it)
        std::cout << it->data << ", ";
    std::cout << std::endl;

    return 0;
}

-- 
You are receiving this mail because:
You are on the CC list for the bug.
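
The comparison in this report returns true for equal elements, so it is not the strict weak ordering that std::sort requires of its comparator, and the C++ standard leaves the resulting behaviour undefined. The following is an added example, not part of the original report or of libc++: a brute-force check that rejects such a comparator before sorting, shown with the report's ">=" beside the corrected ">". The names Fault, check_ordering, checked_sort, GreaterEqual, Greater and sample are hypothetical.

```cpp
#include <algorithm>
#include <iostream>
#include <vector>

// Hypothetical helper (not a libc++ API): brute-force check, meant for tests
// and debug builds, that comp is a strict weak ordering over the values in v.
enum class Fault { None, NotIrreflexive, NotAsymmetric, NotTransitive, EquivNotTransitive };

template <class T, class Compare>
Fault check_ordering(const std::vector<T>& v, Compare comp)
{
    for (const T& a : v)
        if (comp(a, a)) return Fault::NotIrreflexive;      // comp(x, x) must be false
    for (const T& a : v)
        for (const T& b : v) {
            if (comp(a, b) && comp(b, a)) return Fault::NotAsymmetric;
            for (const T& c : v) {
                if (comp(a, b) && comp(b, c) && !comp(a, c)) return Fault::NotTransitive;
                bool ab = !comp(a, b) && !comp(b, a), bc = !comp(b, c) && !comp(c, b);
                if (ab && bc && (comp(a, c) || comp(c, a))) return Fault::EquivNotTransitive;
            }
        }
    return Fault::None;
}

// The report's comparison (true for equal elements) and the corrected one.
struct GreaterEqual { bool operator()(int x, int y) const { return x >= y; } };
struct Greater      { bool operator()(int x, int y) const { return x > y; } };

// Constructed sample: the first ten values of the report's array.
std::vector<int> sample() { return {0, 3, 6, 8, 7, 9, 4, 14, 13, 12}; }

// Sort only when the comparator passes the check; otherwise leave v untouched.
template <class Compare>
bool checked_sort(std::vector<int>& v, Compare comp)
{
    if (check_ordering(v, comp) != Fault::None) return false;
    std::sort(v.begin(), v.end(), comp);
    return true;
}

int main()
{
    std::vector<int> v = sample();
    std::cout << ">= accepted: " << checked_sort(v, GreaterEqual()) << "\n";
    std::cout << ">  accepted: " << checked_sort(v, Greater()) << "\n";
    for (int x : v) std::cout << x << ", ";
    std::cout << std::endl;
}
```

The check is cubic in the number of elements, so it belongs in unit tests or debug assertions rather than on every production sort.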