A collection of bugs story. Yamauchi, Hitoshi

Introduction

I encounter bugs quite a often. I found some of them are interesting. Here is a collection of some of them. How frequently I encounter (or produce) bugs is highly depends on how often I use the language and the language itself. I have a high bug encounter ratio in C/C++ and tcl, a low ratio in Java and scheme.

Contents

• A pitfall of strncpy. Even when you put the correct arguments, your buffer may collapse.
  

  Abstract: When you put the correct arguments of strncpy, there is a case that your char[] buffer may not contain a valid C string anymore. The strncpy function has this unexpected behavior because of the standard specification. It is also mentioned in the ``Writing Solid Code'' as a defect of function design. Actually, Stroustrup's C++ Programming Language book mentioned it (at page 600 of the third edition.) But it is mentioned in one line comment of a sample code. I think people usually can not realize that except someone have been bitten by this bug like me.

• A difficulty of realloc (from Writing Solid Code)

  Abstract: The following code has an impressive bug.

        pbBuf = (char *)realloc(pbBuf, sizeNew);
        if (pbBuf != NULL){
          /* do something */
        }
        

  Can you see the bug? It's a serious bug. pbBuf pointed to a legal address, and sizeNew > 0 when the realloc is called.

• unsigned char (from Writing Solid Code)

  Abstract: See the code below.

        #include <limits.h>
        #include <iostream>
        int main()
        {
            for(unsigned char ch = 0; ch <= UCHAR_MAX; ++ch){
                 std::cout << (int)ch << std::endl;
            }
        }
        

  Can you see the bug?

• Is the result of (foo * 0.0) always 0.0?

  Abstract: Can you imagine the next assertion failed in some cases?

        // foo is a double variable.
        foo *= 0.0;
        assert(foo == 0.0);
        

• Pointer comparison.

  Abstract: This is a bit complicated bug. 2006-12-5(Tue) So I just tell you a story. I truck down this bug for two weeks. The program crashes. But it happens:

  • Only in Linux 32bit + gcc
  • Not Linux 64 bit + icc
  • Not Windows + VC
  • If I added a member variable, it's gone.
  • If I added a virtual to a member function, it's gone.
  • A specific data only revels this bug.

• Digraph trap.

  Abstract: Why next code can not be compiled? 2006-12-15(Fri)

        class A;	// A is in the global scope.
        std::vector<::A*>
        

• An unsigned conversion magic.

  Abstract: A conversion magic. You could get the result of -1000 + 10 = 4.29497e+09 in C++ in some cases. 2006-12-24(Sun)

• OpenGL related bugs.
• Reinterpret cast is not a C cast.
• A constructor trap. This case, explicit does not help.
• How can I call pure virtual method. Sometimes my program aborted with a message, ''pure virtual method called,'' but how it is possible?
• still printf?

       long long int a = 0;
       size_t        b = 10;
       printf("%ld %ld\n", a, b);  // b is always zero in some environment
       

• const and non-const method override

  I personally think this is not a good idea. Since this is not so clear which is really called for me. This is an example.

References

• Bjarne Stroustrup, The C++ Programming Language, third edition. (This link is to the special edition) ISBN-10: 0201700735, ISBN-13: 978-0201700732, 2000
• Steve Maguire, Writing Solid Code, Microsoft Press Corp. (1993), ISBN-10: 1556155514, ISBN-13: 978-1556155512