| Summary: | uclibc++ crashes when trying to splice to empty list | ||
|---|---|---|---|
| Product: | uClibc++ | Reporter: | Charlemagne Lasse <charlemagnelasse> |
| Component: | Standard Compliance | Assignee: | Bernhard Reutner-Fischer <aldot> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | uclibc-cvs |
| Priority: | P5 | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
Fixed in c2fd3e7bac717eb783ee046b9a5639d6badcb86c Thanks for the report! |
Right now, each program seems to crash which uses splice to move an item to another list (which is empty): #include <list> int main() { std::list<int> empty_list; std::list<int> two_item_list; two_item_list.push_back(1); two_item_list.push_back(2); empty_list.splice(empty_list.end(), two_item_list, two_item_list.begin()); return 0; } It crashes with: 4 { 1: two_item_list = {list_start = 0x1, list_end = 0x77f0d57f <blobmsg_add_field+42>, elements = 2012192832, a = {<No data fields>}} 2: empty_list = {list_start = 0x0, list_end = 0x77ec51ec <operator new(unsigned int)+44>, elements = 32, a = {<No data fields>}} (gdb) n 151 std::list<int> empty_list; 1: two_item_list = {list_start = 0x1, list_end = 0x77f0d57f <blobmsg_add_field+42>, elements = 2012192832, a = {<No data fields>}} 2: empty_list = {list_start = 0x0, list_end = 0x77ec51ec <operator new(unsigned int)+44>, elements = 32, a = {<No data fields>}} (gdb) n 5 std::list<int> two_item_list; 1: two_item_list = {list_start = 0x1, list_end = 0x77f0d57f <blobmsg_add_field+42>, elements = 2012192832, a = {<No data fields>}} 2: empty_list = {list_start = 0x77eb0910, list_end = 0x77eb0910, elements = 0, a = {<No data fields>}} (gdb) n 6 two_item_list.push_back(1); 1: two_item_list = {list_start = 0x77eb0930, list_end = 0x77eb0930, elements = 0, a = {<No data fields>}} 2: empty_list = {list_start = 0x77eb0910, list_end = 0x77eb0910, elements = 0, a = {<No data fields>}} (gdb) n 7 two_item_list.push_back(2); 1: two_item_list = {list_start = 0x77eb0950, list_end = 0x77eb0930, elements = 1, a = {<No data fields>}} 2: empty_list = {list_start = 0x77eb0910, list_end = 0x77eb0910, elements = 0, a = {<No data fields>}} (gdb) n 8 empty_list.splice(empty_list.end(), two_item_list, two_item_list.begin()); 1: two_item_list = {list_start = 0x77eb0950, list_end = 0x77eb0930, elements = 2, a = {<No data fields>}} 2: empty_list = {list_start = 0x77eb0910, list_end = 0x77eb0910, elements = 0, a = {<No data fields>}} (gdb) n Program received signal SIGSEGV, Segmentation fault. std::list<int, std::allocator<int> >::splice (i=..., x=..., position=..., this=0x7ffffb98) at /usr/src/openwrt/staging_dir/target-mips_24kc_musl-1.1.16/usr/include/uClibc++/list:608 608 i.link_struct()->previous->next = i.link_struct()->next; The reported line is 605 //Insert at begining special case 606 if(position == begin()){ 607 608 i.link_struct()->previous->next = i.link_struct()->next; 609 i.link_struct()->next->previous = i.link_struct()->previous; 610 611 i.link_struct()->previous = 0; 612 i.link_struct()->next = position.link_struct(); 613 position.link_struct()->previous = i.link_struct(); 614 615 list_start = i.link_struct(); 616 617 --x.elements; 618 ++elements; 619 return; 620 } See also https://github.com/mwarning/zerotier-openwrt/issues/9 and https://bugs.openwrt.org/index.php?do=details&task_id=1859 and https://github.com/uClibcxx/uClibcxx/issues/1