Issue 38630: NDK: stlport iterator wrapper implementation (_IteWrapper) can lead to runtime crashes.
Status:  Released
Closed:  Oct 2012

Project Member Reported by, Oct 18, 2012
The _IteWrapper template class under sources/cxx-stl/stlport/stlport/stl/pointers/_tools.h has an operator*() implementation that looks like the following:

  const_reference operator*() const
  { return cast_traits::to_storage_type_cref(*_M_ite); }

The problem with it is that, sometimes, the compiler will implement it by retrieving the value of *_M_ite into a temporary local variable, then applying the type-casting to_storage_type_cref operation to it.

This means that the function really returns the address of a stack-allocated variable that doesn't exist anymore (i.e. a dangling pointer).

In certain cases, this can cause crashes when said pointer is referenced.
This happened in Chrome for Android, when doing something as simple as:

  SetOfStuff set1(vector1.begin(), vector1.end());

while the corresponding operation doesn't crash:

  SetOfStuff set1;
  std::copy(vector1.begin(), vector1.end(),
            std::inserter(set1, set1.begin()));

This bug is to track the issue, and provide a bugfix, which can be done with a change like:

  const_reference operator*() const
  { return __reinterpret_cast<const_reference>(*_M_ite); }
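
The failure mode described in the report, as an added example that is not code from the report or from STLport. It assumes the temporary comes from an implicit pointer conversion (a `Derived*` element bound to a `Base* const&` parameter); the `Base`/`Derived` types, the typedefs and the function names are constructed for illustration. It compares addresses only, while the temporary is still alive, to show when the helper's result refers to a temporary instead of the container element.

```cpp
#include <cstdio>
#include <vector>

struct Base { int id; };
struct Derived : Base {};

typedef void* storage_type;  // assumed: pointer containers share void* storage
typedef Base* value_type;    // assumed: element type the wrapper was built for

// Shaped like the original operator*: the dereferenced value is first bound to
// `const value_type&`, then reinterpreted as the storage type.
const storage_type& to_storage_type_cref(const value_type& ref) {
    return reinterpret_cast<const storage_type&>(ref);
}

// True if the reference produced by the helper designates the vector element.
// Only addresses are compared, inside one full-expression, so any temporary
// created for the argument is still alive and nothing is read through it.
template <class Iter>
bool helper_refers_to_element(Iter it) {
    const void* element = &*it;
    return static_cast<const void*>(&to_storage_type_cref(*it)) == element;
}

// Same check for the shape of the proposed fix: cast *it directly.
template <class Iter>
bool direct_cast_refers_to_element(Iter it) {
    const void* element = &*it;
    return static_cast<const void*>(
               &reinterpret_cast<const storage_type&>(*it)) == element;
}

bool same_type_case() {        // vector<Base*>: binds directly to the element
    Base b; std::vector<Base*> v(1, &b);
    return helper_refers_to_element(v.begin());
}
bool converting_case() {       // vector<Derived*>: Derived* -> Base* temporary
    Derived d; std::vector<Derived*> v(1, &d);
    return helper_refers_to_element(v.begin());
}
bool direct_cast_case() {      // same input, cast applied to *it itself
    Derived d; std::vector<Derived*> v(1, &d);
    return direct_cast_refers_to_element(v.begin());
}

int main() {
    std::printf("same=%d converting=%d direct=%d\n",
                same_type_case(), converting_case(), direct_cast_case());
}
```

In the converting case the helper's reference designates a temporary that is destroyed at the end of the expression, so an operator*() that returns it to its caller hands back a dangling reference.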

Oct 18, 2012
Project Member #1
Fix uploaded at
Oct 24, 2012
Project Member #2
(No comment was entered for this change.)
Status: FutureRelease
Nov 20, 2012
Project Member #3
released in r8c
Status: Released