Subject: [Boost-bugs] [Boost C++ Libraries] #5143: segfaults in ordered_index
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2011-01-31 09:59:38
#5143: segfaults in ordered_index
--------------------------------------+-------------------------------------
Reporter: christoph.kluge@… | Owner: joaquin
Type: Bugs | Status: new
Milestone: To Be Determined | Component: multi_index
Version: Boost 1.35.0 | Severity: Problem
Keywords: |
--------------------------------------+-------------------------------------
Hi,
we are suffering segfaults in
ordered_index_node_impl::increment line 254
static void increment(pointer& x)
{
if(x->right()!=pointer(0)){
x=x->right();
while(x->left()!=pointer(0))x=x->left(); // XXX
}
else{
pointer y=x->parent();
while(x==y->right()){
x=y;
y=y->parent();
}
if(x->right()!=y)x=y;
}
}
What, if x->left() becomes 0? Well, it does, over here! Shouldn't this
read
while(x!=pointer(0)&&x->left()!=pointer(0))x=x->left();
? What is this line of code supposed to do anyway, other than
uselessly consuming CPU time? Why not write
x = 0;
instead, if this was meant? ordered_index_node_impl_base::left and
ordered_index_node_impl_base::right do not have any side-effects.
By the way, for the classes ordered_index_node_std_base and
ordered_index_node_compressed_base, I don't see any of the POD data
members getting initialized. A user-provided constructor is not
defined. From the C++ Standard, IIRC, POD data members are not
initialized by the implicitly-generated constructor and therefore have
indeterminate values.
This also applies to recent versions of boost, the trunk included. The
code doesn't appear to have changed here.
To me this looks like this is working only by chance. Has anyone ever
bothered to review this code?
Cheers,
Christoph
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/5143> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:05 UTC