gcc-5.2.1 miscompiles moved-from deque with private allocator

Bug #1499564 reported by Roland Dreier
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gcc-5 (Ubuntu)
Fix Released

Bug Description

This is upstream bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67707 with a fix already in upstream gcc.

The following program:

#include <stdio.h>
#include <utility>
#include <deque>
#include <memory>

template<typename T>
struct my_allocator: public std::allocator<T>
        typedef size_t size_type;
        typedef T * pointer;
        typedef const T * const_pointer;

        typedef std::false_type is_always_equal;

        template<typename _Tp1>
        struct rebind
                typedef my_allocator<_Tp1> other;

        pointer allocate(size_type n, const void *hint = nullptr)
                return std::allocator<T>::allocate(n, hint);

        void deallocate(pointer p, size_type n)
                return std::allocator<T>::deallocate(p, n);

        size_type max_size() const
                return std::allocator<T>::max_size();

        my_allocator() : std::allocator<T>() { }
        ~my_allocator() { }

        my_allocator(const my_allocator & a) : std::allocator<T>(a) { }
        template<typename U>
        my_allocator(const my_allocator<U> & a) : std::allocator<T>(a) { }

int main(int argc, char * argv[])
        std::deque<int, my_allocator<int>> a;

        printf("empty %d size %zd\n", a.empty(), a.size());
        printf("empty %d size %zd\n", a.empty(), a.size());
        std::deque<int, my_allocator<int>> b = std::move(a);
        printf("empty %d size %zd\n", a.empty(), a.size());
        a = std::deque<int, my_allocator<int>>();
        printf("empty %d size %zd\n", a.empty(), a.size());

        return 0;

incorrectly corrupts deque state and crashes:

$ g++-5 --std=c++11 a.cpp
$ ./a.out
empty 1 size 0
empty 0 size 1
empty 1 size -128
Segmentation fault (core dumped)

This is with:

$ g++-5 --version
g++-5 (Ubuntu 5.2.1-18ubuntu1) 5.2.1 20150922

If at all possible it would be great to get the upstream fix into Ubuntu 15.10 before the final release. The upstream patch is very small (one line plus test case and changelog).

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: gcc-5 5.2.1-18ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-10.12-generic 4.2.0
Uname: Linux 4.2.0-10-generic x86_64
ApportVersion: 2.18.1-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Sep 24 16:53:12 2015
InstallationDate: Installed on 2014-01-11 (621 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140109)
SourcePackage: gcc-5
UpgradeStatus: Upgraded to wily on 2015-09-18 (6 days ago)

Revision history for this message
Roland Dreier (roland.dreier) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gcc-5 - 5.2.1-19ubuntu1

gcc-5 (5.2.1-19ubuntu1) wily; urgency=medium

  * Configure --with-arch=zEC12 on s390x Ubuntu.

gcc-5 (5.2.1-19) unstable; urgency=medium

  * Update to SVN 20150930 (r228302, 5.2.1) from the gcc-5-branch.
    - Fix PR ipa/66424. Closes: #800318.

  [ Matthias Klose ]
  * Update the Linaro support to the 5-2015.09 snapshot.
  * Fix PR libstdc++/67707, taken from the trunk. LP: #1499564.
  * Ship libgcj.spec in gcj-5 instead of gcj-5-jdk. Closes: #800010.
  * gcj-5: Suggest gcj-5-jdk.
  * Fix base dependency for ada cross library packages.
  * Add ${shlibs:Depends} for libgnatvsn and libgnatprj.
  * Link lrealpath.o into libgnatprj. Closes: #800045.
  * libgnat{svn,prj}-dev: For cross builds, move adainclude and adalib files
    into the gcc libdir.
  * Default to POWER8 on ppc64el.
  * armv8: Fix slt lda missing conditional code (taken from the trunk).
  * Fix lintian pre-depends-directly-on-multiarch-support warnings.

  [ Aurelien Jarno ]
  * Apply proposed patch for PR rtl-optimization/67736 when building for
    mips64 or mips64el. Closes: #800321.

 -- Matthias Klose <email address hidden> Wed, 30 Sep 2015 22:55:14 +0200

Changed in gcc-5 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.