Boost logo

Boost :

Subject: Re: [boost] [intrusive] Possible bug in bstree_algorithms.hpp
From: Ion Gaztañaga (igaztanaga_at_[hidden])
Date: 2014-09-09 07:45:10


El 08/09/2014 22:40, Lars Hagström escribió:
> //Merge logic. First just update block sizes, then fix free blocks tree
> if(merge_with_prev || merge_with_next){
> //Merge if the previous is free
> if(merge_with_prev){
> m_header.m_imultiset.check();
> //Get the previous block
> block_ctrl *prev_block = priv_prev_block(block);
> m_header.m_imultiset.check();
> prev_block->m_size += block->m_size;
> * m_header.m_imultiset.check(); //this check fails!*
> BOOST_ASSERT(prev_block->m_size >= BlockCtrlUnits);
> m_header.m_imultiset.check();
>
> Now, to be honest, I found it a bit surprising to find the multiset
> invariants being invalidated by an addition, but what do I know... Does
> this make any sense at all?

Ugh. This seems like a memory overwrite error, or the address to be
deallocated is not really a correctly allocated block. To know if the
address is correct we could iterate m_header.m_imultiset and check if
"block" is in the container. Something like:

auto itbeg(m_imultiset.begin()), itend(m_imultiset.end());

bool found = false;
for(;itbeg != itend; ++ibeg){
    if(&*itbeg == &block){
       found = true;
    }
}

"block" always should be there, otherwise, a wrong address was passed.
Do you have the stack trace when m_header.m_imultiset.check() fails?

Best,

Ion


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk