public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/107288] New: Double-free of temporaries created in statement following co_await
@ 2022-10-17 8:31 hodges.r at gmail dot com
2022-10-17 8:36 ` [Bug c++/107288] " hodges.r at gmail dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: hodges.r at gmail dot com @ 2022-10-17 8:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288
Bug ID: 107288
Summary: Double-free of temporaries created in statement
following co_await
Product: gcc
Version: 12.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: hodges.r at gmail dot com
Target Milestone: ---
Compiling the attached program results in a call to abort() due to a double
free of the temporary `foo`.
The problem is in this statement:
```
co_await chan.async_send({},
foo { .s = "hello world", .i = 1 },
asio::redirect_error(asio::use_awaitable, ec));
```
Modifying the code to remove the temporary works around the issue:
```
auto f = foo { .s = "hello world", .i = 1 };
co_await chan.async_send({},
std::move(f),
asio::redirect_error(asio::use_awaitable, ec));
```
Compiler command line:
```
$ /usr/bin/c++ -DBOOST_SYSTEM_NO_LIB -DBOOST_THREAD_NO_LIB -DBOOST_URL_NO_LIB=1
-DBOOST_URL_STATIC_LINK=1 -DCPP_JWT_USE_VENDORED_NLOHMANN_JSON
-I/home/rhodges/github/Power-Trade/riskmon/apps/scratch2
-I/home/rhodges/github/Power-Trade/riskmon/build/apps/scratch2
-I/home/rhodges/github/Power-Trade/riskmon/libs
-I/home/rhodges/github/Power-Trade/riskmon/build/_deps/boost_url-src/include
-isystem /home/rhodges/work/gcc/include -g -save-temps -std=gnu++20 scratch2
/home/rhodges/github/Power-Trade/riskmon/apps/scratch2/main.cpp
```
Result of running the program:
```
$ ./scratch2
munmap_chunk(): invalid pointer
Aborted (core dumped)
```
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c++/107288] Double-free of temporaries created in statement following co_await
2022-10-17 8:31 [Bug c++/107288] New: Double-free of temporaries created in statement following co_await hodges.r at gmail dot com
@ 2022-10-17 8:36 ` hodges.r at gmail dot com
2022-10-17 12:01 ` marxin at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: hodges.r at gmail dot com @ 2022-10-17 8:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288
--- Comment #1 from Richard Hodges <hodges.r at gmail dot com> ---
Created attachment 53712
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53712&action=edit
.ii file as requested
Intermediate source file as required by submission guidelines (g-zipped)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c++/107288] Double-free of temporaries created in statement following co_await
2022-10-17 8:31 [Bug c++/107288] New: Double-free of temporaries created in statement following co_await hodges.r at gmail dot com
2022-10-17 8:36 ` [Bug c++/107288] " hodges.r at gmail dot com
@ 2022-10-17 12:01 ` marxin at gcc dot gnu.org
2022-10-18 10:47 ` hodges.r at gmail dot com
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: marxin at gcc dot gnu.org @ 2022-10-17 12:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2022-10-17
CC| |iains at gcc dot gnu.org,
| |marxin at gcc dot gnu.org
Status|UNCONFIRMED |NEW
Ever confirmed|0 |1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c++/107288] Double-free of temporaries created in statement following co_await
2022-10-17 8:31 [Bug c++/107288] New: Double-free of temporaries created in statement following co_await hodges.r at gmail dot com
2022-10-17 8:36 ` [Bug c++/107288] " hodges.r at gmail dot com
2022-10-17 12:01 ` marxin at gcc dot gnu.org
@ 2022-10-18 10:47 ` hodges.r at gmail dot com
2023-04-22 19:40 ` [Bug c++/107288] coroutines: " StevenSun2021 at hotmail dot com
2024-05-06 6:25 ` accelerator0099 at gmail dot com
4 siblings, 0 replies; 6+ messages in thread
From: hodges.r at gmail dot com @ 2022-10-18 10:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288
--- Comment #2 from Richard Hodges <hodges.r at gmail dot com> ---
Some extra diagnostic. Reducing to this minimal program:
```
#include <boost/asio/awaitable.hpp>
#include <boost/asio/co_spawn.hpp>
#include <boost/asio/detached.hpp>
#include <boost/asio/io_context.hpp>
namespace asio = boost::asio;
struct foo
{
std::string s;
int i;
};
struct bar : foo
{
bar(std::string s, int i)
: foo { .s = std::move(s), .i = i }
{
}
};
asio::awaitable< void >
co_foo(foo)
{
std::printf("%s\n", __func__);
co_return;
};
asio::awaitable< void >
co_bar(foo)
{
std::printf("%s\n", __func__);
co_return;
};
asio::awaitable< void >
co_test()
{
// this works
co_await co_bar(bar("Hello, World!", 1));
// this works but this crashes
co_await co_foo({ .s = "Hello, World!", .i = 1 });
}
int
main()
{
asio::io_context ioc;
asio::co_spawn(ioc, co_test(), asio::detached);
ioc.run();
}
```
Output:
```
co_bar
co_foo
Segmentation fault (core dumped)
```
So it seems related to the interplay between designated initialisers and
coroutines.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c++/107288] coroutines: Double-free of temporaries created in statement following co_await
2022-10-17 8:31 [Bug c++/107288] New: Double-free of temporaries created in statement following co_await hodges.r at gmail dot com
` (2 preceding siblings ...)
2022-10-18 10:47 ` hodges.r at gmail dot com
@ 2023-04-22 19:40 ` StevenSun2021 at hotmail dot com
2024-05-06 6:25 ` accelerator0099 at gmail dot com
4 siblings, 0 replies; 6+ messages in thread
From: StevenSun2021 at hotmail dot com @ 2023-04-22 19:40 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288
Steven Sun <StevenSun2021 at hotmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |StevenSun2021 at hotmail dot com
--- Comment #3 from Steven Sun <StevenSun2021 at hotmail dot com> ---
seems that 103909, 104384, 107288 are related (probably the same bug)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug c++/107288] coroutines: Double-free of temporaries created in statement following co_await
2022-10-17 8:31 [Bug c++/107288] New: Double-free of temporaries created in statement following co_await hodges.r at gmail dot com
` (3 preceding siblings ...)
2023-04-22 19:40 ` [Bug c++/107288] coroutines: " StevenSun2021 at hotmail dot com
@ 2024-05-06 6:25 ` accelerator0099 at gmail dot com
4 siblings, 0 replies; 6+ messages in thread
From: accelerator0099 at gmail dot com @ 2024-05-06 6:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288
accelerator0099 at gmail dot com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |accelerator0099 at gmail dot com
--- Comment #4 from accelerator0099 at gmail dot com ---
No error on GCC 13.2
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-05-06 6:25 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-17 8:31 [Bug c++/107288] New: Double-free of temporaries created in statement following co_await hodges.r at gmail dot com
2022-10-17 8:36 ` [Bug c++/107288] " hodges.r at gmail dot com
2022-10-17 12:01 ` marxin at gcc dot gnu.org
2022-10-18 10:47 ` hodges.r at gmail dot com
2023-04-22 19:40 ` [Bug c++/107288] coroutines: " StevenSun2021 at hotmail dot com
2024-05-06 6:25 ` accelerator0099 at gmail dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).