[GiNaC-list] Bug in GiNaC 1.7.0

Mario Prausa prausa at physik.rwth-aachen.de
Tue Jul 19 20:30:40 CEST 2016


I found a regression in GiNaC 1.7.0.

In basic.cpp (function subs_one_level) the lines

  588         auto it = m.find(*this);
  589         if (it != m.end())
  590             return it->second;
  591         return *this;

are causing problems. In GiNaC 1.6.7 we have

 599                 ex thisex = *this;
 600                 it = m.find(thisex);
 601                 if (it != m.end())
 602                         return it->second;
 603                 return thisex;

which work properly.

The problem with the 1.7.0 version is, that the this-pointer is
dynamically allocated in line 618 (when called from line 629).

*this is implicitly casted into an ex, both in line 588 and in line
591.  As the dynallocated-flag is set, the first cast destroys the
this-pointer, and the second cast crashes.


More information about the GiNaC-list mailing list