[llvm-bugs] [Bug 27915] New: strstreambuf::overflow passes wrong value to setp

[via llvm-bugs]

https://llvm.org/bugs/show_bug.cgi?id=27915

            Bug ID: 27915
           Summary: strstreambuf::overflow passes wrong value to setp
           Product: libc++
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: ahatanak at gmail.com
                CC: llvm-bugs at lists.llvm.org, mclow.lists at gmail.com
    Classification: Unclassified

strstreambuf::overflow allocates a new memory block when the current character
pointer reaches the end pointer (when pptr() == epptr()) and then repositions
the pointers that define the put area calling setp.

setp(buf + einp, buf + einp + eout);

This code is incorrect since the third argument should be a value of a pointer
that points to the end of the put area. This bug causes ASAN to report an error
when the following program is compiled and run:

$ cat test.c
#include <iostream>
#include <string>
#include <strstream>

int main(int, char const **argv) {
  std::ostrstream oss;
  std::string s;

  for (int i = 0; i < 4096; ++i)
    s.push_back((i % 16) + 'a');

  oss << s << std::ends;
  std::cout << oss.str();
  oss.freeze(false);

  return 0;
}

A patch to fix this bug has been submitted here:
http://reviews.llvm.org/D20334

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20160527/2a83fe4a/attachment.html>