public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "avi@cloudius-systems.com" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/95111] New: coroutines use-after-free with lambdas Date: Wed, 13 May 2020 17:36:57 +0000 [thread overview] Message-ID: <bug-95111-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95111 Bug ID: 95111 Summary: coroutines use-after-free with lambdas Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P3 Component: c++ Assignee: unassigned at gcc dot gnu.org Reporter: avi@cloudius-systems.com Target Milestone: --- coroutines copy their input to the coroutine frame, so a coroutine like future<T> f(T x) { co_await something(); co_return x; } will copy x back from the coroutine frame. However, lambdas are passed by pointer, so something like [x] () -> future<T> { co_await something(); co_return x; } will fail, it is translated as something like struct lambda { T x; } future<T> lambda_operator_parens(const lambda* l) { co_await something(); co_return l->x; } Since l is captured by value, *l is dangling and is leaked. I think the following translation would be more useful: future<T> lambda_operator_parens_rref(const lambda l) { co_await something(); co_return l.x; } l would be copied by value and would survive copying/moving into the coroutine frame. I don't know if the current behavior is mandated by the standard, but if it is, it seems a serious defect.
next reply other threads:[~2020-05-13 17:36 UTC|newest] Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-05-13 17:36 avi@cloudius-systems.com [this message] 2020-05-13 19:12 ` [Bug c++/95111] " iains at gcc dot gnu.org 2020-05-13 19:14 ` avi@cloudius-systems.com 2020-05-13 19:15 ` avi@cloudius-systems.com 2020-05-13 19:21 ` iains at gcc dot gnu.org 2020-05-13 19:27 ` avi@cloudius-systems.com 2020-05-13 19:39 ` iains at gcc dot gnu.org 2020-05-13 20:10 ` avi@cloudius-systems.com 2020-05-13 20:11 ` avi@cloudius-systems.com 2020-05-13 20:17 ` iains at gcc dot gnu.org 2020-05-13 20:24 ` avi@cloudius-systems.com 2020-05-14 11:15 ` avi@cloudius-systems.com 2020-05-14 11:24 ` ville.voutilainen at gmail dot com 2020-05-14 11:29 ` avi@cloudius-systems.com 2020-05-14 11:46 ` iains at gcc dot gnu.org 2020-05-14 11:54 ` avi@cloudius-systems.com 2020-05-14 11:57 ` ville.voutilainen at gmail dot com 2020-05-14 11:59 ` ville.voutilainen at gmail dot com 2020-05-14 12:01 ` avi@cloudius-systems.com 2020-05-14 12:02 ` iains at gcc dot gnu.org 2020-05-14 12:02 ` avi@cloudius-systems.com 2020-05-14 12:25 ` iains at gcc dot gnu.org 2020-05-14 12:33 ` avi@cloudius-systems.com 2020-05-14 12:34 ` avi@cloudius-systems.com 2020-05-14 18:02 ` egallager at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-95111-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).