boostorg / container

STL-like containers from Boost
http://www.boost.org/libs/container/
Boost Software License 1.0

deque::clear() uses undefined behaviour #171

Closed gleb-cloudius closed 3 years ago

gleb-cloudius commented 3 years ago

This code:

#include <boost/container/deque.hpp>
int main() {
  boost::container::deque<int> x;  // default-constructed, never allocated
  x.clear();                       // triggers the UBSan report below
}

compiled with clang and ubsan (clang++ -fsanitize=undefined) fails with:

/usr/include/boost/container/deque.hpp:1763:63: runtime error: applying non-zero offset 8 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/container/deque.hpp:1763:63 in 

nyh commented 3 years ago

I can reproduce this with clang 10.0.0.1, Boost 1.69.0 (on Fedora 32). It appears that when the container is empty, clear() takes a null pointer + 1 as the beginning of a loop (a loop which will do nothing because its end is a null pointer as well...), but such arithmetic with a null pointer is considered "undefined behavior" in C++.
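
To make the mechanism concrete, here is an added example (a hypothetical, simplified block-map model written for this note, not Boost's deque code) showing the flawed `start_node + 1` pattern beside a guarded form that does no pointer arithmetic on an empty, never-allocated container. `DequeModel`, `populate` and the two clear functions are assumptions for illustration.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical model (not Boost's code): a deque keeps a map of pointers to
// fixed-size blocks, plus start/finish node pointers into that map. A
// default-constructed container that never allocated has an empty map, so
// start_node == finish_node == nullptr, the state the reproducer creates.
constexpr std::size_t kBlockSize = 4;

struct DequeModel {
    std::vector<int*> map;        // block map; empty until first allocation
    int** start_node = nullptr;   // map slot holding the first live block
    int** finish_node = nullptr;  // map slot holding the last live block
};

// Constructed sample state: allocate `blocks` blocks and point the nodes at them.
void populate(DequeModel& d, std::size_t blocks) {
    d.map.clear();
    for (std::size_t i = 0; i < blocks; ++i) d.map.push_back(new int[kBlockSize]());
    d.start_node  = blocks ? &d.map.front() : nullptr;
    d.finish_node = blocks ? &d.map.back()  : nullptr;
}

// Flawed pattern: `start_node + 1` is formed before checking that a map exists.
// With start_node == nullptr this is "applying non-zero offset to null pointer",
// which UBSan reports even though the loop body never runs (finish_node is
// nullptr too). Frees the full blocks strictly between start and finish.
std::size_t clear_middle_unchecked(DequeModel& d) {
    std::size_t freed = 0;
    for (int** node = d.start_node + 1; node < d.finish_node; ++node) {
        delete[] *node; *node = nullptr; ++freed;
    }
    return freed;
}

// Guarded form: return before any pointer arithmetic when nothing was ever
// allocated. Identical result on a populated container, no UB when empty.
std::size_t clear_middle_checked(DequeModel& d) {
    if (!d.start_node) return 0;   // empty, never-allocated: nothing to do
    std::size_t freed = 0;
    for (int** node = d.start_node + 1; node < d.finish_node; ++node) {
        delete[] *node; *node = nullptr; ++freed;
    }
    return freed;
}
```

Compiling with `-fsanitize=undefined` and calling `clear_middle_unchecked` on a default-constructed `DequeModel` reproduces the same class of report; the checked variant stays silent.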

igaztanaga commented 3 years ago

Many thanks for the report!