[sigc] C++11 'auto' with sigc::mem_fun doesn't track object lifetime (potential crash)

From: Andrejs Hanins <andrejs hanins ubnt com>
To: Libsigc++ <libsigc-list gnome org>
Subject: [sigc] C++11 'auto' with sigc::mem_fun doesn't track object lifetime (potential crash)
Date: Wed, 2 Mar 2016 14:45:50 +0200

Hi,

    Consider simple code below which results in Foo::Call method to be actually called for _deleted instance_:

    class Foo : public sigc::trackable  {
        public:
        void Call() { printf("Foo call\n"); }
    };
 
    Foo* inst = new Foo();
    auto fun = sigc::mem_fun(inst, &Foo::Call); // <-- bad
    //sigc::slot<void> fun = sigc::mem_fun(inst, &Foo::Call); // <-- good
    delete inst;
    fun(); // <--- ooops!


    The documentation for mem_fun says that "...only if the object type inherits from sigc::trackable 
<https://developer.gnome.org/libsigc++/stable/structsigc_1_1trackable.html> is the slot automatically 
cleared...", but the problem is that result of mem_fun is not a slot, but a bound_mem_fun which for some 
reason doesn't track referenced object lifetime even if it inherits from trackable. If result of mem_fun is 
put explicitly into a slot, then everything works fine and Call() method is not called after instance is 
freed.

    For me it looks like a typical "shoot in the foot" for C++11 programs and should be indeed fixed. Just in 
case - issue is reproducible in current master too.


BR, Andrey

Follow-Ups:
- Re: [sigc] C++11 'auto' with sigc::mem_fun doesn't track object lifetime (potential crash)
  - From: Paul Davis

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]