boostorg / container

STL-like containers from Boost
http://www.boost.org/libs/container/
Boost Software License 1.0

`pmr::monotonic_buffer_resource::allocate()` can return a pointer to freed memory after `release()` is called #65

Closed nickhutchinson closed 6 years ago

nickhutchinson commented 6 years ago

As implemented, calling `release()` on a `pmr::monotonic_buffer_resource` leaves it in an inconsistent state, and this means calling `allocate()` can return a pointer to memory freed by the call to `release()`.

The 1.65.1 implementation of `release()` only resets one of the member variables:

```cpp
void monotonic_buffer_resource::release() BOOST_NOEXCEPT
{  m_memory_blocks.release();  }
```

The member variables `m_current_buffer` and `m_current_buffer_size` (used in `do_allocate()`) are untouched.

igaztanaga commented 6 years ago

The commit leaves the monotonic buffer as default-constructed. Thanks for the report.
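
An added illustration of the state bug reported in this issue, not Boost.Container code: a toy bump allocator (hypothetical `ToyMonotonic`; alignment and allocation-failure handling are omitted) whose `release()` either leaves the cursor untouched, as in the quoted 1.65.1 code, or resets it to the default-constructed state. Released blocks are quarantined instead of freed so the stale pointer can be checked without undefined behaviour.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <vector>

// Toy model, not Boost code. Blocks given up by release() move to a quarantine
// list and are only really freed in the destructor, so stale pointers stay inspectable.
class ToyMonotonic {
    struct Block { char* p; std::size_t n; };
    std::vector<Block> memory_blocks_;     // stands in for m_memory_blocks
    std::vector<Block> quarantine_;        // blocks that release() has given up
    char* current_buffer_ = nullptr;       // stands in for m_current_buffer
    std::size_t current_buffer_size_ = 0;  // stands in for m_current_buffer_size
    bool reset_cursor_;                    // false: release() as quoted in the report
public:
    explicit ToyMonotonic(bool reset_cursor) : reset_cursor_(reset_cursor) {}
    ~ToyMonotonic() { release(); for (auto& b : quarantine_) std::free(b.p); }
    void* allocate(std::size_t n) {
        if (n > current_buffer_size_) {    // buffer exhausted: take a new block
            current_buffer_size_ = n > 256 ? n : 256;
            current_buffer_ = static_cast<char*>(std::malloc(current_buffer_size_));
            memory_blocks_.push_back({current_buffer_, current_buffer_size_});
        }
        void* r = current_buffer_;         // bump-allocate from the current buffer
        current_buffer_ += n; current_buffer_size_ -= n;
        return r;
    }
    void release() {
        quarantine_.insert(quarantine_.end(), memory_blocks_.begin(), memory_blocks_.end());
        memory_blocks_.clear();
        // Without this reset the cursor still points into a released block.
        if (reset_cursor_) { current_buffer_ = nullptr; current_buffer_size_ = 0; }
    }
    bool is_freed(const void* q) const {   // does q point into a released block?
        auto a = reinterpret_cast<std::uintptr_t>(q);
        for (const auto& b : quarantine_) {
            auto s = reinterpret_cast<std::uintptr_t>(b.p);
            if (a >= s && a < s + b.n) return true;
        }
        return false;
    }
};
// True if allocate() after release() returns memory that release() gave up.
bool stale_after_release(bool reset_cursor) {
    ToyMonotonic res(reset_cursor);
    res.allocate(16);
    res.release();
    return res.is_freed(res.allocate(16));
}
```

`stale_after_release(false)` reproduces the reported behaviour; with a real upstream the same call pattern is the kind of access AddressSanitizer flags as heap-use-after-free once the returned memory is touched.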