From: "pinskia at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/60201] Issue with CRTP generation under 4.8.1
Date: Fri, 14 Feb 2014 19:44:00 -0000

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60201

Andrew Pinski changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Andrew Pinski ---
Look at the original object:

    Baseclass<Subclass, ParamOne, ParamTwo> test;

test is of class Baseclass. You call Method on it. Method then has a cast from Baseclass to Subclass for *this, but *this is only of type Baseclass and not Subclass. So when you call SubclassMethod on the object you just cast, it would really be only a Baseclass and not a Subclass, so m_SubClassValue never was initialized and is in fact outside of the object.
If we run using valgrind we get:

==10910== Use of uninitialised value of size 8
==10910==    at 0x56167AB: _itoa_word (_itoa.c:195)
==10910==    by 0x5619347: vfprintf (vfprintf.c:1616)
==10910==    by 0x5621A59: printf (printf.c:35)
==10910==    by 0x400740: Subclass::SubclassMethod(ParamOne const&, ParamTwo&) (t.cc:60)
==10910==    by 0x4007D6: Baseclass<Subclass, ParamOne, ParamTwo>::Method(ParamOne const&) (t.cc:35)
==10910==    by 0x400787: main (t.cc:71)

If we run using address sanitizer we get:

================================================================
==11676== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff3594a8d4 at pc 0x400a6f bp 0x7fff3594a7c0 sp 0x7fff3594a7b8
READ of size 4 at 0x7fff3594a8d4 thread T0
    #0 0x400a6e (/home/apinski/a.out+0x400a6e)
    #1 0x400cdd (/home/apinski/a.out+0x400cdd)
    #2 0x400bc8 (/home/apinski/a.out+0x400bc8)
    #3 0x7fe47a7b9c8c (/lib/libc-2.11.3.so+0x1ec8c)
    #4 0x4008d8 (/home/apinski/a.out+0x4008d8)
Address 0x7fff3594a8d4 is located at offset 36 in frame of T0's stack:
  This frame has 2 object(s):
    [32, 36) 'test'
    [96, 104) 'one'

See how test ends at 36 but we are accessing location 36.
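An added example, not the reporter's test case or GCC's own code, that reconstructs the misuse described in the comment beside a hardened CRTP base: a private constructor befriended to the template argument makes "Baseclass<Subclass, ...> test;" a compile error instead of an out-of-bounds read. ParamOne, ParamTwo and m_SubClassValue are assumed stand-ins matching the names in the report.

```cpp
#include <type_traits>

// Assumed shapes for the report's parameter types (constructed for this example).
struct ParamOne { int value; };
struct ParamTwo { int result; };

// CRTP base. Hardening: the constructor is private and user-provided (so the
// class is not an aggregate either), and only the Derived named as the
// template argument is a friend. Directly instantiating the base as in the
// bug report therefore fails to compile.
template <typename Derived, typename P1, typename P2>
class Baseclass {
public:
    int Method(const P1& one) {
        // The downcast is only meaningful when the complete object is Derived.
        static_assert(std::is_base_of<Baseclass, Derived>::value,
                      "CRTP argument must derive from Baseclass");
        P2 two{};
        static_cast<Derived*>(this)->SubclassMethod(one, two);
        return two.result;
    }
private:
    Baseclass() {}     // not constructible from outside the class...
    friend Derived;    // ...except by the CRTP subclass itself
};

class Subclass : public Baseclass<Subclass, ParamOne, ParamTwo> {
public:
    explicit Subclass(int v) : m_SubClassValue(v) {}
    void SubclassMethod(const ParamOne& one, ParamTwo& two) {
        // m_SubClassValue lies inside the object only when the complete
        // object really is a Subclass; in the report it was past the end of
        // a bare Baseclass ("test ends at 36 but we are accessing 36").
        two.result = one.value + m_SubClassValue;
    }
private:
    int m_SubClassValue;
};

// Correct use: the complete object is the derived type.
int run_correct() {
    Subclass test(40);
    ParamOne one{2};
    return test.Method(one);   // 42
}

// The reported misuse, kept for reference; with the hardening above it is
// rejected at compile time rather than reading outside 'test' at run time:
//   Baseclass<Subclass, ParamOne, ParamTwo> test;  // error: private ctor
//   test.Method(one);
```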