From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-448262-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 17156 invoked by alias); 4 Apr 2014 09:43:25 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 16734 invoked by uid 48); 4 Apr 2014 09:43:20 -0000
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/60750] [4.8/4.9 Regression] double free after std::move on string inside throw when compiled with optimization
Date: Fri, 04 Apr 2014 09:43:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c++
X-Bugzilla-Version: 4.8.2
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: rguenth at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 4.8.3
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: keywords priority target_milestone
Message-ID: <bug-60750-4-y2Mhfk69W9@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-60750-4@http.gcc.gnu.org/bugzilla/>
References: <bug-60750-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-04/txt/msg00282.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |wrong-code
           Priority|P3                          |P2
   Target Milestone|---                         |4.8.3

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
valgrind says

==12050== Invalid free() / delete / delete[] / realloc()
==12050==    at 0x4C28FAC: operator delete(void*) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12050==    by 0x400DA3: main (basic_string.h:547)
==12050==  Address 0x5a0b0b0 is 0 bytes inside a block of size 30 free'd
==12050==    at 0x4C28FAC: operator delete(void*) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12050==    by 0x4EF6879: std::string::_M_mutate(unsigned long, unsigned long,
unsigned long) (in /usr/lib64/libstdc++.so.6.0.20)
==12050==    by 0x4EF6D1D: std::string::_M_replace_safe(unsigned long, unsigned
long, char const*, unsigned long) (in /usr/lib64/libstdc++.so.6.0.20)
==12050==    by 0x400CF3: thrower(std::string) (basic_string.h:1277)
==12050==    by 0x400D8F: main (t.C:13)