Skip to content

Undefined behaviour in ifstream assignment operator #49789

New issue
New issue
Closed
Closed
Undefined behaviour in ifstream assignment operator#49789
Labels
bugzillaIssues migrated from bugzillalibc++libc++ C++ Standard Library. Not GNU libstdc++. Not libc++abi.
@tonyelewis

Description

@tonyelewis
tonyelewis
mannequin
opened on May 22, 2021
Bugzilla Link 50445
Version 12.0
OS Linux
CC @mclow

Extended Description

Compiling the following code with clang++ -g -std=c++17 -stdlib=libc++ -fsanitize=undefined a.cpp -o a.clang_bin && ./a.clang_bin :

#include <filesystem>
#include <fstream>

int main() {
	::std::ifstream the_ifstream;
	the_ifstream = ::std::ifstream( ::std::filesystem::path{ "txt1" } );
	the_ifstream = ::std::ifstream( ::std::filesystem::path{ "txt2" } );
}

…and then running it (after creating local files txt1 and txt2 and settting environment variable UBSAN_OPTIONS to print_stacktrace=1), I get:

/llvm/bin/../include/c++/v1/fstream:445:35: runtime error: applying non-zero offset to non-null pointer 0x0000022de3c0 produced null pointer
    #0 0x446357 in std::__1::basic_filebuf<char, std::__1::char_traits<char> >::swap(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&) /llvm/bin/../include/c++/v1/fstream:445:35
    #1 0x4444d3 in std::__1::basic_filebuf<char, std::__1::char_traits<char> >::operator=(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&&) /llvm/bin/../include/c++/v1/fstream:392:5
    #2 0x42e23d in std::__1::basic_ifstream<char, std::__1::char_traits<char> >::operator=(std::__1::basic_ifstream<char, std::__1::char_traits<char> >&&) /llvm/bin/../include/c++/v1/fstream:1259:11
    #3 0x42d9e4 in main /tmp/a.cpp:7:15
    #4 0x7f9677cf20b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x40564d in _start (/tmp/a.clang_bin+0x40564d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /llvm/bin/../include/c++/v1/fstream:445:35 in 
/llvm/bin/../include/c++/v1/fstream:446:34: runtime error: applying non-zero offset to non-null pointer 0x0000022de3c0 produced null pointer
    #0 0x446501 in std::__1::basic_filebuf<char, std::__1::char_traits<char> >::swap(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&) /llvm/bin/../include/c++/v1/fstream:446:34
    #1 0x4444d3 in std::__1::basic_filebuf<char, std::__1::char_traits<char> >::operator=(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&&) /llvm/bin/../include/c++/v1/fstream:392:5
    #2 0x42e23d in std::__1::basic_ifstream<char, std::__1::char_traits<char> >::operator=(std::__1::basic_ifstream<char, std::__1::char_traits<char> >&&) /llvm/bin/../include/c++/v1/fstream:1259:11
    #3 0x42d9e4 in main /tmp/a.cpp:7:15
    #4 0x7f9677cf20b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x40564d in _start (/tmp/a.clang_bin+0x40564d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /llvm/bin/../include/c++/v1/fstream:446:34 in 
/llvm/bin/../include/c++/v1/fstream:447:47: runtime error: pointer index expression with base 0x7ffcc28d84f8 overflowed to 0xfffffffffffffd38
    #0 0x446656 in std::__1::basic_filebuf<char, std::__1::char_traits<char> >::swap(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&) /llvm/bin/../include/c++/v1/fstream:447:47
    #1 0x4444d3 in std::__1::basic_filebuf<char, std::__1::char_traits<char> >::operator=(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&&) /llvm/bin/../include/c++/v1/fstream:392:5
    #2 0x42e23d in std::__1::basic_ifstream<char, std::__1::char_traits<char> >::operator=(std::__1::basic_ifstream<char, std::__1::char_traits<char> >&&) /llvm/bin/../include/c++/v1/fstream:1259:11
    #3 0x42d9e4 in main /tmp/a.cpp:7:15
    #4 0x7f9677cf20b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x40564d in _start (/tmp/a.clang_bin+0x40564d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /llvm/bin/../include/c++/v1/fstream:447:47 in 
/llvm/bin/../include/c++/v1/fstream:448:46: runtime error: pointer index expression with base 0x7ffcc28d84f8 overflowed to 0xfffffffffffffd38
    #0 0x446752 in std::__1::basic_filebuf<char, std::__1::char_traits<char> >::swap(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&) /llvm/bin/../include/c++/v1/fstream:448:46
    #1 0x4444d3 in std::__1::basic_filebuf<char, std::__1::char_traits<char> >::operator=(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&&) /llvm/bin/../include/c++/v1/fstream:392:5
    #2 0x42e23d in std::__1::basic_ifstream<char, std::__1::char_traits<char> >::operator=(std::__1::basic_ifstream<char, std::__1::char_traits<char> >&&) /llvm/bin/../include/c++/v1/fstream:1259:11
    #3 0x42d9e4 in main /tmp/a.cpp:7:15
    #4 0x7f9677cf20b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x40564d in _start (/tmp/a.clang_bin+0x40564d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /llvm/bin/../include/c++/v1/fstream:448:46 in

I'm using a build of a recent commit (34c098b, 11th May, 2021).

The issue can also be seen on trunk on Compiler Explorer : https://godbolt.org/z/h5zc8jsvd

Thank you very much for all work on libc++.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugzillaIssues migrated from bugzillalibc++libc++ C++ Standard Library. Not GNU libstdc++. Not libc++abi.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions