public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug c++/62052] New: function parameter has wrong address in lambda converted to pointer-to-function
@ 2014-08-07 16:48 redi at gcc dot gnu.org
2014-08-07 17:19 ` [Bug c++/62052] " redi at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: redi at gcc dot gnu.org @ 2014-08-07 16:48 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62052
Bug ID: 62052
Summary: function parameter has wrong address in lambda
converted to pointer-to-function
Product: gcc
Version: 4.10.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
CC: jason at gcc dot gnu.org
Blocks: 54367
extern "C" int printf(const char*, ...);
const char* locn = nullptr;
struct X
{
X() {
printf("%p cons in %s\n", this, locn);
}
X(X const& x) {
printf("%p copy %p in %s\n", this, &x, locn);
}
~X() {
printf("%p dest\n", this);
}
};
int main()
{
locn = "main";
auto f = [] (X xx)
{
locn = "lambda";
printf("%p is &xx in lambda\n", &xx);
return xx;
};
X (*ff) (X) = f;
ff ( X{} );
}
Compiled with -std=c++11 this prints:
0x7fff50eed717 cons in main
0x7fff50eed6e0 is &xx in lambda
0x7fff50eed716 copy 0x7fff50eed6e0 in lambda
0x7fff50eed716 dest
0x7fff50eed717 dest
The second line shows the function parameter xx is at 0x7fff50eed6e0 but no
object is ever constructed (or destroyed) at that address, it should be
0x7fff50eed717.
If the lambda is invoked directly the parameter has the right address, it only
happens when converted to a pointer-to-function.
The same bug occurs with -fno-elide-constructors, there are just more
intermediate objects.
As shown at https://bugzilla.redhat.com/show_bug.cgi?id=1079788 this can cause
two unique_ptr objects to own the same memory and lead to a double free
(because the move constructor called for the lambda's return value zeros out
the wrong location)
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug c++/62052] function parameter has wrong address in lambda converted to pointer-to-function 2014-08-07 16:48 [Bug c++/62052] New: function parameter has wrong address in lambda converted to pointer-to-function redi at gcc dot gnu.org @ 2014-08-07 17:19 ` redi at gcc dot gnu.org 2014-09-12 19:02 ` redi at gcc dot gnu.org ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2014-08-07 17:19 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62052 Jonathan Wakely <redi at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Known to fail| |4.10.0, 4.7.4, 4.8.2, 4.9.1 --- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> --- Smaller testcase that aborts on error instead of printing addresses to stdout: extern "C" void __attribute((noreturn)) abort(); struct X; X const* objects[10]; int find(X const* x) { for (int i=0; i<10; ++i) if (objects[i] == x) return i; abort(); } struct X { X() { objects[ find(nullptr) ] = this; } X(X const& x) { find(&x); objects[ find(nullptr) ] = this; } ~X() { objects[ find(this) ] = nullptr; } }; int main() { auto f = [] (X xx) { return xx; }; X (*ff) (X) = f; ff ( X{} ); } ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c++/62052] function parameter has wrong address in lambda converted to pointer-to-function 2014-08-07 16:48 [Bug c++/62052] New: function parameter has wrong address in lambda converted to pointer-to-function redi at gcc dot gnu.org 2014-08-07 17:19 ` [Bug c++/62052] " redi at gcc dot gnu.org @ 2014-09-12 19:02 ` redi at gcc dot gnu.org 2015-03-09 10:13 ` redi at gcc dot gnu.org 2015-03-09 10:15 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2014-09-12 19:02 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62052 Jonathan Wakely <redi at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Last reconfirmed| |2014-09-12 Ever confirmed|0 |1 Known to fail|4.10.0 |5.0 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c++/62052] function parameter has wrong address in lambda converted to pointer-to-function 2014-08-07 16:48 [Bug c++/62052] New: function parameter has wrong address in lambda converted to pointer-to-function redi at gcc dot gnu.org 2014-08-07 17:19 ` [Bug c++/62052] " redi at gcc dot gnu.org 2014-09-12 19:02 ` redi at gcc dot gnu.org @ 2015-03-09 10:13 ` redi at gcc dot gnu.org 2015-03-09 10:15 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2015-03-09 10:13 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62052 Jonathan Wakely <redi at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |charlie at charliedyson dot net --- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> --- *** Bug 65354 has been marked as a duplicate of this bug. *** ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c++/62052] function parameter has wrong address in lambda converted to pointer-to-function 2014-08-07 16:48 [Bug c++/62052] New: function parameter has wrong address in lambda converted to pointer-to-function redi at gcc dot gnu.org ` (2 preceding siblings ...) 2015-03-09 10:13 ` redi at gcc dot gnu.org @ 2015-03-09 10:15 ` redi at gcc dot gnu.org 3 siblings, 0 replies; 5+ messages in thread From: redi at gcc dot gnu.org @ 2015-03-09 10:15 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62052 --- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> --- Segfaulting testcase from PR 65354: #include <iostream> int main () { auto f = +[] (std::string s) { return std::string (std::move (s)); }; std::string s ("hello"); f (std::move (s)); } ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-03-09 10:15 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-08-07 16:48 [Bug c++/62052] New: function parameter has wrong address in lambda converted to pointer-to-function redi at gcc dot gnu.org 2014-08-07 17:19 ` [Bug c++/62052] " redi at gcc dot gnu.org 2014-09-12 19:02 ` redi at gcc dot gnu.org 2015-03-09 10:13 ` redi at gcc dot gnu.org 2015-03-09 10:15 ` redi at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).