CFStringCreateCopy incorrectly copies constant strings
| Field | Value | Field | Value |
|---|---|---|---|
| Originator: | ramosian.glider | | |
| Number: | rdar://11164715 | Date Originated: | 02-Apr-2012 01:27 PM |
| Status: | Open | Resolved: | |
| Product: | | Product Version: | |
| Classification: | | Reproducible: | |
02-Apr-2012 01:27 PM Alexander Potapenko:
Summary:
CFStringCreateCopy() normally does not copy constant CFString instances. It however does if the default CFAllocator is replaced by any other.
Steps to Reproduce:
=================================================
$ cat t.mm
#import <Foundation/Foundation.h>
#include <stdio.h>

int main() {
#ifdef REPLACE
  // Swap the default CFAllocator for the malloc zone allocator.
  CFAllocatorSetDefault(kCFAllocatorMallocZone);
#endif
  // A constant CFString; CFStringCreateCopy is expected to return it unchanged.
  CFStringRef str = CFSTR("Hello world!\n");
  CFStringRef str2 = CFStringCreateCopy(0, str);
  fprintf(stderr, "str: %p\n", str);
  fprintf(stderr, "str2: %p\n", str2);
  return 0;
}
$ ../../../../build/Release+Asserts/bin/clang++ t.mm -framework Foundation -o t && ./t
str: 0x100001060
str2: 0x100001060
$ ../../../../build/Release+Asserts/bin/clang++ t.mm -framework Foundation -DREPLACE -o t && ./t
str: 0x100001070
str2: 0x1001099d8
=================================================
Expected Results:
The string pointers are equal in both cases.
Actual Results:
If the allocator is replaced, CFStringCreateCopy copies the constant string.
Notes:
See also http://code.google.com/p/address-sanitizer/issues/detail?id=10 for examples of how the bug may lead to hangs and incorrectly working code.
There is also a proposal on how to fix the code.