TClassEdit name normalisation fails for unordered_map, leading to a crash in df104_CSVDataSource #18654

hageboeck · 2025-05-08T06:49:53Z

Check duplicate issues.

Checked for duplicates

Description

The Python version of df104_CSV frequently crashes on Ubuntu when Cppyy queries types for unordered_map<string,char>. Although a TClass for this might exist, a query for

std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, char, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, char> > >

might not normalise to the same class, so another TClass instance is created. During its creation, it deletes the instance for unordered_map<string,char>, leading to a dangling pointer and a use-after-free crash.

Reproducer

   auto first = TClass::GetClass("unordered_map<string,char>", true, true);
   std::unordered_map<std::string, char> map;
   auto second = first->GetActualClass(&map);
   EXPECT_EQ(first, second);

ROOT version

Master and v6.36

Installation method

Source

Operating system

All, but the crash manifests on Ubuntu

Additional context

No response

The text was updated successfully, but these errors were encountered:

When looking up a TClass via name compared to via typeid, the lookup returned a name without default template arguments in the former, and with default arguments in the latter case. This lead to a situation where tclass->GetActualClass(std::map<x,y>*) could delete itself while performing the lookup, since a new instance was created that replaced the existing instance. To make type name normalisation stable, the following was changed in TClassEdit: - Improve the handling of a trailing const in the allocator definition. - Make default allocator check more robust w.r.t. spaces in type definition. - Improve detection of std::basic_string, std::__cxx11::basic_string and similar types with/without const and std:: - Add another stripping step to remove default template arguments of STL containers when they were looked up in the interpreter. Fix root-project#18654.

hageboeck added the bug label May 8, 2025

hageboeck self-assigned this May 8, 2025

hageboeck added affects:master affects:6.36 labels May 8, 2025

hageboeck linked a pull request May 8, 2025 that will close this issue

[core] Improve class name normalisation | fix crash in tutorial-analysis-dataframe-df014_CSVDataSource-py #18625

Open

dpiparo added this to Fixed in 6.38.00 and Fixed in 6.36.00 May 8, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TClassEdit name normalisation fails for unordered_map, leading to a crash in df104_CSVDataSource #18654

TClassEdit name normalisation fails for unordered_map, leading to a crash in df104_CSVDataSource #18654

hageboeck commented May 8, 2025 •

edited

Loading

TClassEdit name normalisation fails for unordered_map, leading to a crash in df104_CSVDataSource #18654

TClassEdit name normalisation fails for unordered_map, leading to a crash in df104_CSVDataSource #18654

Comments

hageboeck commented May 8, 2025 • edited Loading

Check duplicate issues.

Description

Reproducer

ROOT version

Installation method

Operating system

Additional context

hageboeck commented May 8, 2025 •

edited

Loading