This is the mail archive of the cygwin mailing list for the Cygwin project.



stack overflow bug in ofstream::operator<<


I believe there is a bug in the cygwin DLL that causes a stack overflow
segmentation fault when ofstream::operator<< is used to write a string
that is longer than 2MB.

Attached is a simple program, writen.cc, that will create an ofstream and
write a string of user-specified length to it.  When that length exceeds
about 2MB, it fails:

  $ g++ -o writen -Wall -Wno-deprecated writen.cc
  $ ./writen 2000000
  $ ./writen 3000000
  Segmentation fault (core dumped)

The stack dump and gdb backtrace are attached.  It appears to be the case
that the string is being copied onto the stack via alloca, so when the
string size exceeds the default 2MB stack limit, the program crashes.

I have confirmed that compiling with (e.g.) -Wl,--stack,4000000 causes the
failure limit to increase accordingly.  (ulimit -s 4000 does not work
because cygwin's ulimit implementation is only partially functional.)

To fix this, I think that cygwin should not make a copy of the string; or,
if it must (CR/LF translation?), do the work in smaller chunks.

-Scott

Attachment: cygcheck.out
Description: Text document

Attachment: writen.cc
Description: Text document

Attachment: gdb.out
Description: Text document

Attachment: writen.stackdump
Description: Text document
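The following is an added example, not the writen.cc attached to the message above: it reconstructs the single-call write pattern the report describes next to the chunked-write workaround the message suggests, so the amount handed to the stream in one call stays bounded regardless of the string length. The names write_all_at_once, write_chunked, pieces_written, chunked_roundtrip_ok and the 64 KB chunk size are assumptions of this example.

```cpp
// Added example (not the original post's writen.cc). Demonstrates the
// reported single-call write next to a chunked write that bounds how much
// the runtime has to handle per operator<< / write() call.
#include <algorithm>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>

// Assumed chunk size: far below the 2MB default stack the post mentions, so
// even a runtime that copies each write's argument onto the stack stays safe.
constexpr std::size_t kChunk = 64 * 1024;

// The pattern from the report: the whole string in one operator<< call.
// On the affected Cygwin DLL this is what overflowed the stack past ~2MB.
void write_all_at_once(std::ostream& out, const std::string& s) {
    out << s;
}

// Workaround from the post ("do the work in smaller chunks"): feed the
// stream in bounded pieces. Returns the number of pieces written.
std::size_t write_chunked(std::ostream& out, const std::string& s,
                          std::size_t chunk = kChunk) {
    std::size_t pieces = 0;
    for (std::size_t off = 0; off < s.size(); off += chunk) {
        out.write(s.data() + off, std::min(chunk, s.size() - off));
        ++pieces;
    }
    return pieces;
}

// Helper: how many pieces a string of length n needs at a given chunk size.
std::size_t pieces_written(std::size_t n, std::size_t chunk) {
    std::ostringstream sink;
    return write_chunked(sink, std::string(n, 'x'), chunk);
}

// Helper: round-trip n bytes through an in-memory stream with the chunked
// writer and check the content arrived intact (constructed payload of 'x').
bool chunked_roundtrip_ok(std::size_t n) {
    const std::string payload(n, 'x');
    std::ostringstream buf;
    write_chunked(buf, payload);
    return buf.str() == payload;
}

int main(int argc, char** argv) {
    // Usage mirrors the post: ./writen <length>   (default 3000000 bytes)
    std::size_t n = argc > 1 ? std::strtoull(argv[1], nullptr, 10) : 3000000;
    std::ofstream f("writen.out", std::ios::binary);
    std::cout << "pieces: " << write_chunked(f, std::string(n, 'x')) << '\n';
    return f ? 0 : 1;
}
```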

