[llvm-bugs] [Bug 39354] New: Potential undefined behaviour in the ctor for vector<bool>
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Oct 19 05:36:11 PDT 2018
https://bugs.llvm.org/show_bug.cgi?id=39354
Bug ID: 39354
Summary: Potential undefined behaviour in the ctor for vector<bool>
Product: libc++
Version: 7.0
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: david.wagner at easymile.com
CC: llvm-bugs at lists.llvm.org, mclow.lists at gmail.com
In std::vector<bool>::vector(size_t, bool), when the size is greater than 0,
__fill_n_false is called, which contains:
*__first.__seg_ &= ~__m;
However, the memory in __first.__seg_ has not been initialized (only allocated).
This is then undefined behaviour because its old (uninitialized) value is used
to compute its new value.
This was reported to us by a (proprietary) static analysis tool but we were not
able to have this error detected with valgrind nor any sanitizers (tried it
with various optimization levels). When using valgrind's --malloc-fill option
and vgdb, we observed that the allocated memory contained only zeros instead of
the non-zero value valgrind was supposed to set. Is malloc involved at all? If
not, does the allocation function always zero the memory?
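An added example (not libc++ code) that models the fill pattern the report describes on a hypothetical word-packed bool layout, next to a hardened fill that stores every owned word whole instead of merging into the uninitialized tail word; the 0xA5 poison pattern is constructed to stand in for whatever uninitialized memory might hold, in the spirit of valgrind's --malloc-fill:

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>

// Hypothetical bit-packed storage in the layout the report describes:
// bools packed into words, a fill that clears a bit range with a mask.
using word_t = std::uint64_t;
constexpr std::size_t kBits = sizeof(word_t) * CHAR_BIT;

std::size_t words_for(std::size_t n) { return (n + kBits - 1) / kBits; }

// The pattern from the report: the trailing partial word is read, masked and
// written back, so bits above `n` keep whatever the allocator left there.
void fill_n_false_rmw(word_t* seg, std::size_t n) {
    std::size_t full = n / kBits, rem = n % kBits;
    for (std::size_t i = 0; i < full; ++i) seg[i] = 0;
    if (rem) {
        word_t m = (word_t(1) << rem) - 1;  // low `rem` bits of the tail word
        seg[full] &= ~m;                    // reads the uninitialized old value
    }
}

// Hardened variant: every owned word is stored whole, nothing is read first.
void fill_n_false_store(word_t* seg, std::size_t n) {
    for (std::size_t i = 0, w = words_for(n); i < w; ++i) seg[i] = 0;
}

struct Audit { std::size_t in_range; std::size_t tail; };  // set bits below / above n

// Allocate storage for `n` bools, poison it (constructed 0xA5 pattern standing in
// for whatever uninitialized memory holds), run the fill, then count set bits
// inside the logical range and in the unused tail of the last word.
template <typename Fill>
Audit audit_fill(std::size_t n, Fill fill) {
    std::size_t w = words_for(n);
    std::unique_ptr<word_t[]> seg(new word_t[w]);
    std::memset(seg.get(), 0xA5, w * sizeof(word_t));
    fill(seg.get(), n);
    Audit a{0, 0};
    for (std::size_t i = 0; i < w * kBits; ++i) {
        bool set = (seg[i / kBits] >> (i % kBits)) & 1;
        (i < n ? a.in_range : a.tail) += set;
    }
    return a;
}
```

Both fills leave every bit below n clear, which is why nothing is observable through the container's interface; only the tail bits differ. MemorySanitizer propagates the uninitialized shadow through the AND but reports only when a poisoned bit reaches a branch, a pointer or a syscall, and the tail bits are never read, so the read-modify-write goes unreported, consistent with the sanitizer results described above.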