public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/65209] New: [5.0 regression] Broken code with global static variables, invalid pointer when freeing global variables
@ 2015-02-25 15:34 manisandro at gmail dot com
2015-02-25 15:50 ` [Bug c++/65209] [5 Regression] " rguenth at gcc dot gnu.org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: manisandro at gmail dot com @ 2015-02-25 15:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65209
Bug ID: 65209
Summary: [5.0 regression] Broken code with global static
variables, invalid pointer when freeing global
variables
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: manisandro at gmail dot com
Created attachment 34870
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34870&action=edit
testcase
Using gcc-5.0.0-0.15.fc23.x86_64
Test case attached. Build with
$ g++ -g -Wall -o main foo.cpp main.cpp
The test case crashes when freeing global variables:
./main
*** Error in `/home/sandro/Desktop/a/main': free(): invalid pointer:
0x0000000000610001 ***
#0 0x00007ffff71a6ae8 in raise () from /lib64/libc.so.6
#1 0x00007ffff71a877a in abort () from /lib64/libc.so.6
#2 0x00007ffff71eb092 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff71f2994 in _int_free () from /lib64/libc.so.6
#4 0x00007ffff71f748c in free () from /lib64/libc.so.6
#5 0x000000000040099b in FooData::~FooData (this=0x602118
<_ZGVZN12_GLOBAL__N_112Q_QGS_s_self13innerFunctionEvE6holder>,
__in_chrg=<optimized out>)
at foo.cpp:5
#6 0x00000000004009da in Foo::~Foo (this=0x602100
<_ZZN12_GLOBAL__N_112Q_QGS_s_self13innerFunctionEvE6holder>,
__in_chrg=<optimized out>) at foo.cpp:8
#7 0x0000000000400a12 in FooSingleton::~FooSingleton (this=0x602100
<_ZZN12_GLOBAL__N_112Q_QGS_s_self13innerFunctionEvE6holder>,
__in_chrg=<optimized out>) at foo.cpp:15
#8 0x0000000000400a69 in (anonymous
namespace)::Q_QGS_s_self::innerFunction()::Holder::~Holder() (
this=0x602100 <_ZZN12_GLOBAL__N_112Q_QGS_s_self13innerFunctionEvE6holder>,
__in_chrg=<optimized out>) at foo.cpp:33
#9 0x00007ffff71ab628 in __run_exit_handlers () from /lib64/libc.so.6
#10 0x00007ffff71ab675 in exit () from /lib64/libc.so.6
#11 0x00007ffff7191847 in __libc_start_main () from /lib64/libc.so.6
#12 0x00000000004007e9 in _start ()
Observations:
- Depends on the Q_QGS_s_self namespace being called such (more precisely,
exactly such, not even any other name with equal length)
- Depends on the innerFunction method being called such
- Depends on innerFunction being inline
- Depends on the size of the global variables
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c++/65209] [5 Regression] Broken code with global static variables, invalid pointer when freeing global variables
2015-02-25 15:34 [Bug c++/65209] New: [5.0 regression] Broken code with global static variables, invalid pointer when freeing global variables manisandro at gmail dot com
@ 2015-02-25 15:50 ` rguenth at gcc dot gnu.org
2015-02-25 16:54 ` manisandro at gmail dot com
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: rguenth at gcc dot gnu.org @ 2015-02-25 15:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65209
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2015-02-25
Known to work| |4.9.2
Target Milestone|--- |5.0
Summary|[5.0 regression] Broken |[5 Regression] Broken code
|code with global static |with global static
|variables, invalid pointer |variables, invalid pointer
|when freeing global |when freeing global
|variables |variables
Ever confirmed|0 |1
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
Confirmed. Valgrind says
==23580== Invalid free() / delete / delete[] / realloc()
==23580== at 0x4C28FAC: operator delete(void*) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23580== by 0x4009D4: FooData::~FooData() (foo.cpp:5)
==23580== by 0x400A13: Foo::~Foo() (foo.cpp:8)
==23580== by 0x400A4B: FooSingleton::~FooSingleton() (foo.cpp:15)
==23580== by 0x400AA2: (anonymous
namespace)::Q_QGS_s_self::innerFunction()::Holder::~Holder() (foo.cpp:33)
==23580== by 0x5704058: __run_exit_handlers (exit.c:82)
==23580== by 0x57040A4: exit (exit.c:104)
==23580== by 0x56EDBEB: (below main) (libc-start.c:303)
==23580== Address 0x5a80001 is 24,513 bytes inside a block of size 72,704
alloc'd
==23580== at 0x4C277AB: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23580== by 0x4EC31AF: ??? (in /usr/lib64/libstdc++.so.6.0.21)
==23580== by 0x400E859: call_init.part.0 (dl-init.c:84)
==23580== by 0x400E942: _dl_init (dl-init.c:36)
==23580== by 0x40011C9: ??? (in /lib64/ld-2.18.so)
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c++/65209] [5 Regression] Broken code with global static variables, invalid pointer when freeing global variables
2015-02-25 15:34 [Bug c++/65209] New: [5.0 regression] Broken code with global static variables, invalid pointer when freeing global variables manisandro at gmail dot com
2015-02-25 15:50 ` [Bug c++/65209] [5 Regression] " rguenth at gcc dot gnu.org
@ 2015-02-25 16:54 ` manisandro at gmail dot com
2015-02-25 18:21 ` jakub at gcc dot gnu.org
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: manisandro at gmail dot com @ 2015-02-25 16:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65209
--- Comment #2 from Sandro Mani <manisandro at gmail dot com> ---
Created attachment 34874
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34874&action=edit
Slightly reduced test case
==30483== Invalid free() / delete / delete[] / realloc()
==30483== at 0x4C2D143: operator delete(void*) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30483== by 0x400983: Foo::~Foo() (foo.cpp:4)
==30483== by 0x40099F: (anonymous
namespace)::Q_QGS_s_self::innerFunction()::Holder::~Holder() (foo.cpp:21)
==30483== by 0x570F627: __run_exit_handlers (in /usr/lib64/libc-2.21.90.so)
==30483== by 0x570F674: exit (in /usr/lib64/libc-2.21.90.so)
==30483== by 0x56F5846: (below main) (in /usr/lib64/libc-2.21.90.so)
==30483== Address 0x1 is not stack'd, malloc'd or (recently) free'd
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c++/65209] [5 Regression] Broken code with global static variables, invalid pointer when freeing global variables
2015-02-25 15:34 [Bug c++/65209] New: [5.0 regression] Broken code with global static variables, invalid pointer when freeing global variables manisandro at gmail dot com
2015-02-25 15:50 ` [Bug c++/65209] [5 Regression] " rguenth at gcc dot gnu.org
2015-02-25 16:54 ` manisandro at gmail dot com
@ 2015-02-25 18:21 ` jakub at gcc dot gnu.org
2015-02-25 23:13 ` jason at gcc dot gnu.org
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: jakub at gcc dot gnu.org @ 2015-02-25 18:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65209
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P1
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Exported symbols like
_ZZN12_GLOBAL__N_112Q_QGS_s_self13innerFunctionEvEN6HolderC1Ev
look very much wrong to me, anonymous namespace shouldn't be visible to other
TUs. Similarly, sections containing such symbols shouldn't be linkonce.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c++/65209] [5 Regression] Broken code with global static variables, invalid pointer when freeing global variables
2015-02-25 15:34 [Bug c++/65209] New: [5.0 regression] Broken code with global static variables, invalid pointer when freeing global variables manisandro at gmail dot com
` (2 preceding siblings ...)
2015-02-25 18:21 ` jakub at gcc dot gnu.org
@ 2015-02-25 23:13 ` jason at gcc dot gnu.org
2015-02-26 2:44 ` jakub at gcc dot gnu.org
2015-03-04 18:14 ` jason at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: jason at gcc dot gnu.org @ 2015-02-25 23:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65209
--- Comment #5 from Jason Merrill <jason at gcc dot gnu.org> ---
Author: jason
Date: Wed Feb 25 21:46:29 2015
New Revision: 220991
URL: https://gcc.gnu.org/viewcvs?rev=220991&root=gcc&view=rev
Log:
PR c++/65209
* decl2.c (constrain_visibility) [VISIBILITY_ANON]: Clear
DECL_COMDAT.
(constrain_visibility_for_template): Handle reference arguments.
Added:
trunk/gcc/testsuite/g++.dg/abi/anon4.C
Modified:
trunk/gcc/cp/ChangeLog
trunk/gcc/cp/decl2.c
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c++/65209] [5 Regression] Broken code with global static variables, invalid pointer when freeing global variables
2015-02-25 15:34 [Bug c++/65209] New: [5.0 regression] Broken code with global static variables, invalid pointer when freeing global variables manisandro at gmail dot com
` (3 preceding siblings ...)
2015-02-25 23:13 ` jason at gcc dot gnu.org
@ 2015-02-26 2:44 ` jakub at gcc dot gnu.org
2015-03-04 18:14 ` jason at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: jakub at gcc dot gnu.org @ 2015-02-26 2:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65209
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c++/65209] [5 Regression] Broken code with global static variables, invalid pointer when freeing global variables
2015-02-25 15:34 [Bug c++/65209] New: [5.0 regression] Broken code with global static variables, invalid pointer when freeing global variables manisandro at gmail dot com
` (4 preceding siblings ...)
2015-02-26 2:44 ` jakub at gcc dot gnu.org
@ 2015-03-04 18:14 ` jason at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: jason at gcc dot gnu.org @ 2015-03-04 18:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65209
--- Comment #7 from Jason Merrill <jason at gcc dot gnu.org> ---
Author: jason
Date: Wed Mar 4 18:13:44 2015
New Revision: 221192
URL: https://gcc.gnu.org/viewcvs?rev=221192&root=gcc&view=rev
Log:
PR c++/65209
PR c++/65309
* decl2.c (constrain_visibility_for_template): Handle reference
arguments.
Added:
branches/gcc-4_9-branch/gcc/testsuite/g++.dg/abi/anon4.C
Modified:
branches/gcc-4_9-branch/gcc/cp/ChangeLog
branches/gcc-4_9-branch/gcc/cp/decl2.c
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2015-03-04 18:14 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-25 15:34 [Bug c++/65209] New: [5.0 regression] Broken code with global static variables, invalid pointer when freeing global variables manisandro at gmail dot com
2015-02-25 15:50 ` [Bug c++/65209] [5 Regression] " rguenth at gcc dot gnu.org
2015-02-25 16:54 ` manisandro at gmail dot com
2015-02-25 18:21 ` jakub at gcc dot gnu.org
2015-02-25 23:13 ` jason at gcc dot gnu.org
2015-02-26 2:44 ` jakub at gcc dot gnu.org
2015-03-04 18:14 ` jason at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).