PR libstdc++/81395 fix crash when write follows large read

Message ID	20170719002256.GD15340@redhat.com
State	New
Headers	show Return-Path: <gcc-patches-return-458459-incoming=patchwork.ozlabs.org@gcc.gnu.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:subject:message-id:references:mime-version:content-type :in-reply-to; q=dns; s=default; b=R76xpQ4asadIe2D1VV7E7VWiampLj9 KSe9EH2sDq7gRD9SSqzHNLpdFuQXRwUfwppJaQEQV7u4xLg0E1hrsWB+7yxwAAjK RUYix5jLjix7CzT83ynFVnNzCvi3Awy4MpfVvOh3ksm2dDoLjQDW4H0dsQVnIhSH NeM29P+zbBClQ= Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com AC7D27A160 Date: Wed, 19 Jul 2017 01:22:56 +0100 From: Jonathan Wakely <jwakely@redhat.com> To: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org Subject: Re: [PATCH] PR libstdc++/81395 fix crash when write follows large read Message-ID: <20170719002256.GD15340@redhat.com> References: <20170719001746.GA20726@redhat.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="7mxbaLlpDEyR1+x6" Content-Disposition: inline In-Reply-To: <20170719001746.GA20726@redhat.com> User-Agent: Mutt/1.8.0 (2017-02-23)

Message ID

20170719002256.GD15340@redhat.com

State

New

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:subject:message-id:references:mime-version:content-type
	:in-reply-to; q=dns; s=default; b=R76xpQ4asadIe2D1VV7E7VWiampLj9
	KSe9EH2sDq7gRD9SSqzHNLpdFuQXRwUfwppJaQEQV7u4xLg0E1hrsWB+7yxwAAjK
	RUYix5jLjix7CzT83ynFVnNzCvi3Awy4MpfVvOh3ksm2dDoLjQDW4H0dsQVnIhSH
	NeM29P+zbBClQ=
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-patches-owner@gcc.gnu.org
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com AC7D27A160
Date: Wed, 19 Jul 2017 01:22:56 +0100
From: Jonathan Wakely <jwakely@redhat.com>
To: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org
Subject: Re: [PATCH] PR libstdc++/81395 fix crash when write follows large
	read
Message-ID: <20170719002256.GD15340@redhat.com>
References: <20170719001746.GA20726@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="7mxbaLlpDEyR1+x6"
Content-Disposition: inline
In-Reply-To: <20170719001746.GA20726@redhat.com>
User-Agent: Mutt/1.8.0 (2017-02-23)

Commit Message

Jonathan Wakely July 19, 2017, 12:22 a.m. UTC

On 19/07/17 01:17 +0100, Jonathan Wakely wrote:
>This fixes a crash that happens in std::filebuf when a large read
>consumes the entire get area and is followed by a write, which is then
>synced to the file by a call to overflow.
>
>The problem is that xsgetn calls _M_set_buffer(0) after reading from
>the file (i.e. when in 'read' mode). As the comments on _M_set_buffer
>say, an argument of 0 is used for 'write' mode. This causes the
>filebuf to have an active put area while in 'read' mode, so that the
>next write inserts straight into that put area, rather than performing
>the required seek to leave 'read' mode.
>
>The next overflow then tries to leave 'read' mode by doing a seek, but
>that then tries to flush the non-empty put area by calling overflow,
>which goes into a loop until we overflow the stack.
>
>The solution is to simply remove the call to _M_set_buffer(0). It's
>not needed because the buffers are already set up appropriately after
>xsgetn has read from the file: there's no active putback, no put area,
>and setg(eback(), egptr(), egptr()) has been called so there's nothing
>available in the get area. All we need to do is set _M_reading = true
>so that a following write knows it needs to perform a seek.
>
>The new testcase passes with GCC 4.5, so this is technically a
>regression. However, I have a more demanding test that fails even with
>GCC 4.5, so I don't think mixing reads and writes without intervening
>seeks was ever working completely. I hope it is now.
>
>I spent a LOT of time checking the make check-performance results
>before and after this patch (and with various other attempted fixes)
>and any difference seemed to be noise.
>
>	PR libstdc++/81395
>	* include/bits/fstream.tcc (basic_filebuf::xsgetn): Don't set buffer
>	pointers for write mode after reading.
>	* testsuite/27_io/basic_filebuf/sgetn/char/81395.cc: New.

The new test needs this dg-require so it doesn't FAIL on target boards
with no file I/O, and the dg-do is redundant.

Committed to trunk.

commit e868d4e4a67faa9b889720b5fcdd10f5eb0f4fa8
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Wed Jul 19 01:19:20 2017 +0100

    Use dg-require-fileio in new test
    
    	* testsuite/27_io/basic_filebuf/sgetn/char/81395.cc: Add dg-require.

diff --git a/libstdc++-v3/testsuite/27_io/basic_filebuf/sgetn/char/81395.cc b/libstdc++-v3/testsuite/27_io/basic_filebuf/sgetn/char/81395.cc
index 4985628..ea8dbc1 100644
--- a/libstdc++-v3/testsuite/27_io/basic_filebuf/sgetn/char/81395.cc
+++ b/libstdc++-v3/testsuite/27_io/basic_filebuf/sgetn/char/81395.cc
@@ -15,7 +15,7 @@ 
 // with this library; see the file COPYING3.  If not see
 // <http://www.gnu.org/licenses/>.
 
-// { dg-do run }
+// { dg-require-fileio "" }
 
 // PR libstdc++/81395

PR libstdc++/81395 fix crash when write follows large read

Commit Message

Patch