From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-406558-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 13837 invoked by alias); 14 Nov 2012 07:58:04 -0000
Received: (qmail 13786 invoked by uid 48); 14 Nov 2012 07:57:47 -0000
From: "benjamin.kircher at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/55320] New: Invalid delete with throwing copy-c'tor passed to std::function
Date: Wed, 14 Nov 2012 07:58:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: libstdc++
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: benjamin.kircher at gmail dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields:
Message-ID: <bug-55320-4@http.gcc.gnu.org/bugzilla/>
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2012-11/txt/msg01220.txt.bz2


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55320

             Bug #: 55320
           Summary: Invalid delete with throwing copy-c'tor passed to
                    std::function
    Classification: Unclassified
           Product: gcc
           Version: 4.7.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: benjamin.kircher@gmail.com


Created attachment 28682
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=28682
Example program

The example program attached compiles w/o warnings and crashes with an invalid
delete when executed.


$ gcc --version
gcc (Debian 4.7.2-4) 4.7.2


$ cat main.cpp
#include <functional>
#include <stdexcept>
#include <iostream>
#include <ostream>

struct functor
{
    functor() = default;
    functor(const functor&) { throw std::exception(); }
    void operator()() {}
};

int main()
try
{
    std::function<void()> func = functor();
    return 0;
}
catch (std::exception&)
{
    std::cout << "catched" << std::endl;
}


Valgrind gives me
$ valgrind --tool=memcheck ./a.out
<snip>
==...== Invalid free() / delete / delete[] / realloc()
==...==    at 0x...: operator delete(void*) (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==...==    by 0x...:
std::_Function_base::_Base_manager<functor>::_M_destroy(std::_Any_data&,
std::integral_constant<bool, false>) (functional:1780)
==...==    by 0x...:
std::_Function_base::_Base_manager<functor>::_M_manager(std::_Any_data&,
std::_Any_data const&, std::_Manager_operation) (functional:1804)
==...==    by 0x...: std::_Function_base::~_Function_base() (functional:1885)
==...==    by 0x...: std::function<void ()>::function<functor>(functor,
std::enable_if<!(std::is_integral<functor>::value), std::function<void
()>::_Useless>::type) (functional:2292)
<snip>

On clang/libc++ this behaves as expected.