https://bugs.llvm.org/show_bug.cgi?id=39354

            Bug ID: 39354
           Summary: Potential undefined behaviour in the ctor for
                    vector<bool>
           Product: libc++
           Version: 7.0
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedclangb...@nondot.org
          Reporter: david.wag...@easymile.com
                CC: llvm-bugs@lists.llvm.org, mclow.li...@gmail.com

In std::vector<bool>::vector(size_t, bool), when the size is greater than 0,
__fill_n_false is called, which contains:

  *__first.__seg_ &= ~__m;

However, the memory in __first.__seg_ has not been initialized (only allocated).
This is then undefined behaviour because its old (uninitialized) value is used
to compute its new value.

This was reported to us by a (proprietary) static analysis tool but we were not
able to have this error detected with valgrind nor any sanitizers (tried it
with various optimization levels). When using valgrind's --malloc-fill option
and vgdb, we observed that the allocated memory contained only zeros instead of
the non-zero value valgrind was supposed to set. Is malloc involved at all? If
not, does the allocation function always zero the memory?

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
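Added illustration, not libc++ code and not from the reporter: a stand-alone model of the tail-word step quoted above, run over a buffer pre-filled with 0xAA to stand in for valgrind's --malloc-fill, so the read-modify-write form and a plain store can be compared on the same input. The names fill_false and tail_after_fill are hypothetical, and the 0xAA pattern is a constructed sample.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

using word = std::uint64_t;
constexpr std::size_t bits_per_word = 64;

// Clear nbits bits starting at seg[0], as a fresh vector<bool>(nbits, false)
// must. Whole words are stored with memset; the partial tail word is handled
// in the chosen style. Returns the tail word (or last whole word) for inspection.
word fill_false(word* seg, std::size_t nbits, bool read_modify_write) {
    const std::size_t whole = nbits / bits_per_word;
    const std::size_t tail  = nbits % bits_per_word;
    std::memset(seg, 0, whole * sizeof(word));
    if (tail == 0) return whole ? seg[whole - 1] : 0;
    const word m = ~word(0) >> (bits_per_word - tail);  // low `tail` bits set
    if (read_modify_write) {
        // Mirrors the reported pattern: reads seg[whole] before it was ever
        // written. On indeterminate storage that read is the undefined
        // behaviour; a plain & on a poisoned word is arithmetic, not a
        // branch, which is one reason MemorySanitizer reports nothing here.
        seg[whole] &= ~m;
    } else {
        // No read: bits above `tail` are padding and not live, so a full
        // store yields the same observable vector with no indeterminate read.
        seg[whole] = 0;
    }
    return seg[whole];
}

// Constructed stand-in for valgrind --malloc-fill=0xAA: every byte of the
// freshly "allocated" buffer is 0xAA before fill_false runs on it.
word tail_after_fill(std::size_t nbits, bool read_modify_write) {
    const std::size_t nwords = (nbits + bits_per_word - 1) / bits_per_word;
    std::vector<word> buf(nwords, word(0xAAAAAAAAAAAAAAAAull));
    return fill_false(buf.data(), nbits, read_modify_write);
}

int main() {
    // 68 bits: one whole word plus a 4-bit tail. The fill pattern survives in
    // the padding bits of the read-modify-write tail word, but not the stored one.
    std::printf("rmw   tail: 0x%016llx\n", (unsigned long long)tail_after_fill(68, true));
    std::printf("store tail: 0x%016llx\n", (unsigned long long)tail_after_fill(68, false));
    return 0;
}
```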