
From: SourceForge.net (noreply_at_[hidden])
Date: 2006-04-13 08:51:39


Bugs item #1469792, was opened at 2006-04-13 12:51
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=107586&aid=1469792&group_id=7586

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: serialization
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: simmeone (simmeone)
Assigned to: Robert Ramey (ramey)
Summary: segm. fault during std::string (STLport 5.0.2) serialization

Initial Comment:
There is a segmentation fault during STLport 5.0.2
std::string object serialization.

It is probably caused by the new implementation of
std::string. Now, one of the possible implementations of the
_String_base class contains the members:
_M_buffers - union, which holds the dynamic char buffer
_M_finish - pointer to the end of the string in the dynamic buffer

In this case it represents our string as a chain of
chars which does not end with a null separator. For
example, in my debugger the string "Un." is represented as:

+_M_buffers._M_dynamic_buf 0x00378958 "Un.' 'data same
as trigger' parameter is not set, 'use as data' cannot
be changed.ÍÍÍÍÍÍWhen 'data same as trigger' parameter
is not set, 'use as data' cannot be changed.ÍÍÍÍÍÍ`Š7"
char *

-_M_finish 0x0037895b "' 'data same as trigger'
parameter is not set, 'use as data' cannot be
changed.ÍÍÍÍÍÍWhen 'data same as trigger' parameter is
not set, 'use as data' cannot be changed.ÍÍÍÍÍÍ`Š7" char *

During serialization, the std::copy algorithm is used,
which uses the template class escape as an
iterator to iterate through the string.

in file: ../boost/archive/iterators/escape.hpp we see
function:

void increment(){
        if(++m_bnext < m_bend){
            m_current_value = *m_bnext;
            return;
        }
        ++(this->base_reference());
        m_bnext = NULL;
        m_bend = NULL;
        m_current_value = (static_cast<Derived *>(this))->fill(m_bnext, m_bend);
}

When the iterator points to the last char in the string and
is then incremented, it points to the next char in the dynamic
buffer _M_buffers._M_dynamic_buf - in our example with the
string "Un." it points to the apostrophe character '\''. Then
the function "fill" modifies "m_bnext" and "m_bend"
because of the character '\''. In the next step, the function
"equal" is called to check whether the copy algorithm should be
stopped or not.

bool equal(const this_t & rhs) const {
        return
            NULL == m_bnext
            && NULL == m_bend
            && this->base_reference() == rhs.base_reference()
        ;
}

And because m_bnext and m_bend are not NULL, the copy
algorithm is not stopped and goes on. This leads to a
segmentation fault.

----------------------------------------------------------------------

_______________________________________________
Boost-bugs mailing list
Boost-bugs_at_[hidden]
https://lists.sourceforge.net/lists/listinfo/boost-bugs
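
The failure mode described in the report, as an added example that is not part of the original message and is not Boost's code: a simplified model of an escaping iterator that reads the end position on increment, run over a buffer that is not null-terminated, next to a variant that checks the bound before dereferencing. The names EscapeIter, consumed and kBuf, the sample buffer and the bound check are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>

// Simplified model of the escaping iterator in the report (hypothetical names,
// not Boost's code). Only '\'' is escaped, to "&apos;".
struct EscapeIter {
    const char* base;             // position in the underlying buffer
    const char* end;              // one past the last valid char; nullptr = no bound check
    const char* bnext = nullptr;  // cursor inside a pending escape sequence
    const char* bend = nullptr;
    char current = 0;
    EscapeIter(const char* b, const char* e) : base(b), end(e) { load(); }

    char fill() {  // sets bnext/bend when *base needs an escape sequence
        static const char apos[] = "&apos;";
        if (*base == '\'') { bnext = apos; bend = apos + 6; return *bnext; }
        return *base;
    }
    void load() {
        bnext = bend = nullptr;
        if (end != nullptr && base == end) return;  // hardened: never read the end position
        current = fill();                           // reported behaviour: reads *base regardless
    }
    void increment() {
        if (bnext != nullptr && ++bnext < bend) { current = *bnext; return; }
        ++base;
        load();
    }
    bool at_end(const char* last) const {  // same three conditions as equal() in the report
        return bnext == nullptr && bend == nullptr && base == last;
    }
};

// Constructed sample: the string is the first 3 chars; the rest stands in for
// whatever follows an unterminated buffer.
const char kBuf[] = "Un.'xy";

// Escapes buf[0..len) into out and returns how many source chars were consumed.
// limit caps the walk so the demo never leaves the array it owns.
std::size_t consumed(const char* buf, std::size_t len, std::size_t limit,
                     bool checked, std::string& out) {
    const char* last = buf + len;
    EscapeIter it(buf, checked ? last : nullptr);
    while (!it.at_end(last) && it.base < buf + limit) {
        out += it.current;
        it.increment();
    }
    return static_cast<std::size_t>(it.base - buf);
}
```

Without the bound check the walk over the 3-character string consumes all 6 bytes of the sample buffer, because the apostrophe at the end position leaves the escape pointers set when the end test runs; with the check it stops after 3.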


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk