FS#1859 - uclibc++ crashes when trying to splice to empty list #6783

Closed
openwrt-bot opened this issue Sep 20, 2018 · 4 comments
@openwrt-bot

charlemagnelasse:

Right now, every program that uses splice to move an item to another list (which is empty) seems to crash:

```cpp
#include <list>

int main()
{
	std::list<int> empty_list;
	std::list<int> two_item_list;

	two_item_list.push_back(1);
	two_item_list.push_back(2);

	empty_list.splice(empty_list.end(), two_item_list, two_item_list.begin());

	return 0;
}
```

It crashes with:

```
4         {
1: two_item_list = {list_start = 0x1, list_end = 0x77f0d57f <blobmsg_add_field+42>, elements = 2012192832, a = {<No data fields>}}
2: empty_list = {list_start = 0x0, list_end = 0x77ec51ec <operator new(unsigned int)+44>, elements = 32, a = {<No data fields>}}
(gdb) n
151             std::list<int> empty_list;
1: two_item_list = {list_start = 0x1, list_end = 0x77f0d57f <blobmsg_add_field+42>, elements = 2012192832, a = {<No data fields>}}
2: empty_list = {list_start = 0x0, list_end = 0x77ec51ec <operator new(unsigned int)+44>, elements = 32, a = {<No data fields>}}
(gdb) n
5             std::list<int> two_item_list;
1: two_item_list = {list_start = 0x1, list_end = 0x77f0d57f <blobmsg_add_field+42>, elements = 2012192832, a = {<No data fields>}}
2: empty_list = {list_start = 0x77eb0910, list_end = 0x77eb0910, elements = 0, a = {<No data fields>}}
(gdb) n
6             two_item_list.push_back(1);
1: two_item_list = {list_start = 0x77eb0930, list_end = 0x77eb0930, elements = 0, a = {<No data fields>}}
2: empty_list = {list_start = 0x77eb0910, list_end = 0x77eb0910, elements = 0, a = {<No data fields>}}
(gdb) n
7             two_item_list.push_back(2);
1: two_item_list = {list_start = 0x77eb0950, list_end = 0x77eb0930, elements = 1, a = {<No data fields>}}
2: empty_list = {list_start = 0x77eb0910, list_end = 0x77eb0910, elements = 0, a = {<No data fields>}}
(gdb) n
8             empty_list.splice(empty_list.end(), two_item_list, two_item_list.begin());
1: two_item_list = {list_start = 0x77eb0950, list_end = 0x77eb0930, elements = 2, a = {<No data fields>}}
2: empty_list = {list_start = 0x77eb0910, list_end = 0x77eb0910, elements = 0, a = {<No data fields>}}
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
std::list<int, std::allocator<int> >::splice (i=..., x=..., position=..., this=0x7ffffb98) at /usr/src/openwrt/staging_dir/target-mips_24kc_musl-1.1.16/usr/include/uClibc++/list:608
608                             i.link_struct()->previous->next = i.link_struct()->next;
```

The reported line is

```
605                 //Insert at begining special case
606                 if(position == begin()){
607 
608                         i.link_struct()->previous->next = i.link_struct()->next;
609                         i.link_struct()->next->previous = i.link_struct()->previous;
610 
611                         i.link_struct()->previous = 0;
612                         i.link_struct()->next = position.link_struct();
613                         position.link_struct()->previous = i.link_struct();
614 
615                         list_start = i.link_struct();
616 
617                         --x.elements;
618                         ++elements;
619                         return;
620                 }
```
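
The following is an added example, not part of the original report and not the uClibc++ code or the linked fix. It models the list layout seen in the gdb output (`list_start`, a sentinel `list_end`, `elements`) and shows a single-element splice that checks for a null `previous` before unlinking. It assumes head nodes carry `previous == 0`, as line 611 of the excerpt sets for a new head; `Node`, `List` and `splice_into_empty_ok` are hypothetical names.

```cpp
#include <cstddef>

// Illustrative model only: field names mirror the gdb output above,
// everything else is an assumption made for this example.
struct Node { int val; Node* previous; Node* next; };

struct List {
    Node* list_start;
    Node* list_end;          // sentinel node; begin() == end() when empty
    std::size_t elements;

    List() : list_start(new Node{0, nullptr, nullptr}), list_end(list_start), elements(0) {}
    ~List() { while (list_start) { Node* n = list_start->next; delete list_start; list_start = n; } }

    void push_back(int v) {
        Node* n = new Node{v, list_end->previous, list_end};
        if (n->previous) n->previous->next = n; else list_start = n;
        list_end->previous = n;
        ++elements;
    }

    // Move node i out of x and link it in front of position (a node of *this).
    void splice(Node* position, List& x, Node* i) {
        if (i == x.list_end || i == position || i->next == position) return;
        // Unlink from x. A head node has previous == 0, so an unguarded
        // i->previous->next write (line 608 of the excerpt) faults here.
        if (i->previous) i->previous->next = i->next;
        else x.list_start = i->next;      // keep the source list's head valid
        i->next->previous = i->previous;
        --x.elements;
        // Link before position; the destination needs the same head check.
        i->previous = position->previous;
        i->next = position;
        if (position->previous) position->previous->next = i;
        else list_start = i;
        position->previous = i;
        ++elements;
    }
};

// Replays the reporter's sequence against the guarded splice.
bool splice_into_empty_ok() {
    List empty_list, two_item_list;
    two_item_list.push_back(1);
    two_item_list.push_back(2);
    empty_list.splice(empty_list.list_end, two_item_list, two_item_list.list_start);
    return empty_list.elements == 1 && empty_list.list_start->val == 1 &&
           two_item_list.elements == 1 && two_item_list.list_start->val == 2;
}
```
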
@openwrt-bot
Author

charlemagnelasse:

It seems like this problem has been known since 2016: mwarning/zerotier-openwrt#9

See also uClibcxx/uClibcxx#1 and https://bugs.busybox.net/show_bug.cgi?id=11361

@openwrt-bot
Author

charlemagnelasse:

Bugfix can be found at https://git.uclibc.org/uClibc++/commit/?id=c2fd3e7bac717eb783ee046b9a5639d6badcb86c

@aloisklink

aloisklink commented Jul 9, 2022

Fixed in v0.2.5 of uClibc++, see https://git.uclibc.org/uClibc++/log/
(commit https://git.uclibc.org/uClibc++/commit/?id=c2fd3e7bac717eb783ee046b9a5639d6badcb86c is before tag v0.2.5)

This should be fixed in OpenWRT by 0b26382 (since OpenWRT 19.07-rc1)

@KanjiMonster
Member

Closing as reported fixed, though support for uClibc++ has been dropped since then.
