From: Michael Gebetsroither (michael.geb_at_[hidden])
Date: 2006-04-05 08:36:24
Hi all,
I've played a bit with boost::serialize and discovered two problems (one
segfault and one maybe related memory exhaustion).
Segfault:
demo_xml from boost::serialize examples.
I've changed the output format to text_archiv. If I increase the length of a
string in the text_archiv by 2, it gives a segfault.
All files can be found at: http://einsteinmg.dyndns.org/projects/boost_segf.
- valgrind output (demo_xml.log)
- gdb backtrace (demo_xml_gdb_backtrace)
- normal input file (demo.txt)
- input file which results in segfault (demoin.txt)
I changed the length of the string "24th Street" from 11 to 13.
Same results for other strings.
- demo_xml (compiled with -O2 -g3 for x86-32 gnu/linux, gcc 4.0.3-1)
- the core file (core.gz)
- and the sourcefiles demo_xml.{hpp,cpp}
Memory exhaustion:
Shows a similar problem, but with a very simple testobject (with just 2
std::string's). The output of this program should be only 4 small lines but is
130MB (many printed \0).
All files can be found at: http://einsteinmg.dyndns.org/projects/boost_memex
- valgrind output (ser.log.gz, is 67MB unzipped)
- program output with false input file (ser_false_output.gz, ~130MB unzipped)
- normal output file (ser_out.txt)
- evil input file (ser_in.txt)
The length of the first string ("test1") is incremented by 2.
- ser (compiled with -O2 -g3 for x86-32 gnu/linux, gcc 4.0.3-1)
Boost version is 1.33.1.
Hope that helps solving this bug.
Greetings,
Michael Gebetsroither
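The report above describes a length-prefixed string whose declared length exceeds the payload actually present in the archive. The following is an added illustration of that bug class and of the check that prevents it; it is not Boost's code and makes no claim about how boost::serialization's text archive is implemented. It assumes a simplified "<length> <chars>" record format, constructed sample records, and a hypothetical policy limit kMaxStringLen.

```cpp
#include <cstddef>
#include <iostream>
#include <istream>
#include <sstream>
#include <stdexcept>
#include <string>

// Constructed sample records in a simplified "<length> <chars>" form.
// They imitate the report's scenario ("24th Street", length 11 vs 13);
// they are not real Boost archives.
const std::string kGoodRecord = "11 24th Street";  // prefix matches payload
const std::string kBadRecord  = "13 24th Street";  // prefix exceeds payload by 2

// Naive reader: trusts the length prefix. The buffer is sized by the
// untrusted count (an absurd count exhausts memory), and when the stream
// runs dry the unfilled tail of the buffer stays '\0' and is handed back as
// if it were data, matching the "many printed \0" symptom in the report.
std::string readNaive(std::istream& in) {
    std::size_t len = 0;
    in >> len;
    in.get();                                          // skip the separator
    std::string s(len, '\0');                          // allocation driven by input
    in.read(&s[0], static_cast<std::streamsize>(len)); // short read goes unnoticed
    return s;
}

// Hypothetical policy limit on a single serialized string (assumption).
const std::size_t kMaxStringLen = 1u << 20;  // 1 MiB

// Hardened reader: bound the count before allocating, and verify that the
// declared number of bytes was actually present in the stream.
std::string readChecked(std::istream& in) {
    std::size_t len = 0;
    if (!(in >> len)) throw std::runtime_error("bad length prefix");
    if (len > kMaxStringLen) throw std::runtime_error("length exceeds policy limit");
    if (in.get() != ' ') throw std::runtime_error("expected separator");
    std::string s(len, '\0');
    in.read(&s[0], static_cast<std::streamsize>(len));
    if (static_cast<std::size_t>(in.gcount()) != len)
        throw std::runtime_error("truncated payload: prefix larger than data");
    return s;
}

// Convenience wrappers over in-memory records so results can be inspected.
std::string naiveFromString(const std::string& record) {
    std::istringstream in(record);
    return readNaive(in);
}

bool checkedAccepts(const std::string& record) {
    std::istringstream in(record);
    try {
        readChecked(in);
        return true;
    } catch (const std::runtime_error&) {
        return false;
    }
}

// Number of NUL bytes in the returned string (the padding the naive reader leaks).
std::size_t countNulls(const std::string& s) {
    std::size_t n = 0;
    for (char c : s) if (c == '\0') ++n;
    return n;
}

int main() {
    std::cout << "naive, good record: \"" << naiveFromString(kGoodRecord) << "\"\n";
    std::string bad = naiveFromString(kBadRecord);
    std::cout << "naive, bad record: size " << bad.size()
              << ", NUL bytes " << countNulls(bad) << "\n";
    std::cout << "checked accepts good: " << checkedAccepts(kGoodRecord) << "\n";
    std::cout << "checked accepts bad: " << checkedAccepts(kBadRecord) << "\n";
    std::cout << "checked accepts huge prefix: " << checkedAccepts("4000000000 x") << "\n";
    return 0;
}
```

The two checks in readChecked address the two symptoms separately: the policy bound stops an attacker-chosen count from driving the allocation (memory exhaustion), and the gcount comparison turns a short read into a hard error instead of silently returning a '\0'-padded buffer that later code may index past.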