Subject: [Boost-bugs] [Boost C++ Libraries] #13119: Boost::binomial_heap Merge memcheck error - Merging 9 into 5
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2017-07-11 19:22:34
#13119: Boost::binomial_heap Merge memcheck error - Merging 9 into 5
------------------------------+--------------------------
Reporter: jun.kudo@… | Owner: timblechmann
Type: Bugs | Status: new
Milestone: To Be Determined | Component: heap
Version: Boost 1.64.0 | Severity: Problem
Keywords: |
------------------------------+--------------------------
Binomial heap merge routine reads from uninitialized memory in the
attached example.
{{{
#include "boost/heap/binomial_heap.hpp"
typedef boost::heap::binomial_heap<int> Heap;
int main(int /*argc*/, char* /*argv*/[]) {
Heap heap0;
size_t heap0_size = 5;
size_t max_range = 100;
for (size_t ix = 0; ix < heap0_size; ++ix) {
heap0.push(rand() % max_range);
}
Heap heap1;
size_t heap1_size = 9;
for (size_t ix = 0; ix < heap1_size; ++ix) {
heap1.push(rand() % max_range);
}
heap0.merge(heap1);
}
}}}
I believe line 693 is incorrectly moving the iterator forwards.
If the carry node is inserted before the last node of trees, this line
will cause this_iterator to point to trees.end(). However, for this case,
it will follow the goto statement and start another iteration which will
cause the function to read from out of bounds.
-- Ticket URL: <https://svn.boost.org/trac10/boost/ticket/13119> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-07-11 19:25:46 UTC